mirror of https://github.com/hashicorp/consul
Rename config entry ACL methods
parent
690e9dd2c0
commit
fed7595d45
|
@ -36,7 +36,7 @@ func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *struct{}) e
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if rule != nil && !args.Entry.VerifyWriteACL(rule) {
|
||||
if rule != nil && !args.Entry.CanWrite(rule) {
|
||||
return acl.ErrPermissionDenied
|
||||
}
|
||||
|
||||
|
@ -69,7 +69,7 @@ func (c *ConfigEntry) Get(args *structs.ConfigEntryQuery, reply *structs.Indexed
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if rule != nil && !lookupEntry.VerifyReadACL(rule) {
|
||||
if rule != nil && !lookupEntry.CanRead(rule) {
|
||||
return acl.ErrPermissionDenied
|
||||
}
|
||||
|
||||
|
@ -119,7 +119,7 @@ func (c *ConfigEntry) List(args *structs.ConfigEntryQuery, reply *structs.Indexe
|
|||
// Filter the entries returned by ACL permissions.
|
||||
filteredEntries := make([]structs.ConfigEntry, 0, len(entries))
|
||||
for _, entry := range entries {
|
||||
if rule != nil && !entry.VerifyReadACL(rule) {
|
||||
if rule != nil && !entry.CanRead(rule) {
|
||||
continue
|
||||
}
|
||||
filteredEntries = append(filteredEntries, entry)
|
||||
|
@ -149,7 +149,7 @@ func (c *ConfigEntry) Delete(args *structs.ConfigEntryRequest, reply *struct{})
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if rule != nil && !args.Entry.VerifyWriteACL(rule) {
|
||||
if rule != nil && !args.Entry.CanWrite(rule) {
|
||||
return acl.ErrPermissionDenied
|
||||
}
|
||||
|
||||
|
|
|
@ -26,10 +26,10 @@ type ConfigEntry interface {
|
|||
Normalize() error
|
||||
Validate() error
|
||||
|
||||
// VerifyReadACL and VerifyWriteACL return whether or not the given Authorizer
|
||||
// CanRead and CanWrite return whether or not the given Authorizer
|
||||
// has permission to read or write to the config entry, respectively.
|
||||
VerifyReadACL(acl.Authorizer) bool
|
||||
VerifyWriteACL(acl.Authorizer) bool
|
||||
CanRead(acl.Authorizer) bool
|
||||
CanWrite(acl.Authorizer) bool
|
||||
|
||||
GetRaftIndex() *RaftIndex
|
||||
}
|
||||
|
@ -76,11 +76,11 @@ func (e *ServiceConfigEntry) Validate() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (e *ServiceConfigEntry) VerifyReadACL(rule acl.Authorizer) bool {
|
||||
func (e *ServiceConfigEntry) CanRead(rule acl.Authorizer) bool {
|
||||
return rule.ServiceRead(e.Name)
|
||||
}
|
||||
|
||||
func (e *ServiceConfigEntry) VerifyWriteACL(rule acl.Authorizer) bool {
|
||||
func (e *ServiceConfigEntry) CanWrite(rule acl.Authorizer) bool {
|
||||
return rule.ServiceWrite(e.Name, nil)
|
||||
}
|
||||
|
||||
|
@ -140,11 +140,11 @@ func (e *ProxyConfigEntry) Validate() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (e *ProxyConfigEntry) VerifyReadACL(rule acl.Authorizer) bool {
|
||||
func (e *ProxyConfigEntry) CanRead(rule acl.Authorizer) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func (e *ProxyConfigEntry) VerifyWriteACL(rule acl.Authorizer) bool {
|
||||
func (e *ProxyConfigEntry) CanWrite(rule acl.Authorizer) bool {
|
||||
return rule.OperatorWrite()
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue