mirror of https://github.com/hashicorp/consul
Rename config entry ACL methods
parent
690e9dd2c0
commit
fed7595d45
|
@ -36,7 +36,7 @@ func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *struct{}) e
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if rule != nil && !args.Entry.VerifyWriteACL(rule) {
|
if rule != nil && !args.Entry.CanWrite(rule) {
|
||||||
return acl.ErrPermissionDenied
|
return acl.ErrPermissionDenied
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ func (c *ConfigEntry) Get(args *structs.ConfigEntryQuery, reply *structs.Indexed
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if rule != nil && !lookupEntry.VerifyReadACL(rule) {
|
if rule != nil && !lookupEntry.CanRead(rule) {
|
||||||
return acl.ErrPermissionDenied
|
return acl.ErrPermissionDenied
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -119,7 +119,7 @@ func (c *ConfigEntry) List(args *structs.ConfigEntryQuery, reply *structs.Indexe
|
||||||
// Filter the entries returned by ACL permissions.
|
// Filter the entries returned by ACL permissions.
|
||||||
filteredEntries := make([]structs.ConfigEntry, 0, len(entries))
|
filteredEntries := make([]structs.ConfigEntry, 0, len(entries))
|
||||||
for _, entry := range entries {
|
for _, entry := range entries {
|
||||||
if rule != nil && !entry.VerifyReadACL(rule) {
|
if rule != nil && !entry.CanRead(rule) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
filteredEntries = append(filteredEntries, entry)
|
filteredEntries = append(filteredEntries, entry)
|
||||||
|
@ -149,7 +149,7 @@ func (c *ConfigEntry) Delete(args *structs.ConfigEntryRequest, reply *struct{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if rule != nil && !args.Entry.VerifyWriteACL(rule) {
|
if rule != nil && !args.Entry.CanWrite(rule) {
|
||||||
return acl.ErrPermissionDenied
|
return acl.ErrPermissionDenied
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -26,10 +26,10 @@ type ConfigEntry interface {
|
||||||
Normalize() error
|
Normalize() error
|
||||||
Validate() error
|
Validate() error
|
||||||
|
|
||||||
// VerifyReadACL and VerifyWriteACL return whether or not the given Authorizer
|
// CanRead and CanWrite return whether or not the given Authorizer
|
||||||
// has permission to read or write to the config entry, respectively.
|
// has permission to read or write to the config entry, respectively.
|
||||||
VerifyReadACL(acl.Authorizer) bool
|
CanRead(acl.Authorizer) bool
|
||||||
VerifyWriteACL(acl.Authorizer) bool
|
CanWrite(acl.Authorizer) bool
|
||||||
|
|
||||||
GetRaftIndex() *RaftIndex
|
GetRaftIndex() *RaftIndex
|
||||||
}
|
}
|
||||||
|
@ -76,11 +76,11 @@ func (e *ServiceConfigEntry) Validate() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *ServiceConfigEntry) VerifyReadACL(rule acl.Authorizer) bool {
|
func (e *ServiceConfigEntry) CanRead(rule acl.Authorizer) bool {
|
||||||
return rule.ServiceRead(e.Name)
|
return rule.ServiceRead(e.Name)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *ServiceConfigEntry) VerifyWriteACL(rule acl.Authorizer) bool {
|
func (e *ServiceConfigEntry) CanWrite(rule acl.Authorizer) bool {
|
||||||
return rule.ServiceWrite(e.Name, nil)
|
return rule.ServiceWrite(e.Name, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -140,11 +140,11 @@ func (e *ProxyConfigEntry) Validate() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *ProxyConfigEntry) VerifyReadACL(rule acl.Authorizer) bool {
|
func (e *ProxyConfigEntry) CanRead(rule acl.Authorizer) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *ProxyConfigEntry) VerifyWriteACL(rule acl.Authorizer) bool {
|
func (e *ProxyConfigEntry) CanWrite(rule acl.Authorizer) bool {
|
||||||
return rule.OperatorWrite()
|
return rule.OperatorWrite()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue