github.com/outbrain/consul@v1.4.5/agent/structs/acl_cache.go (about) 1 package structs 2 3 import ( 4 "time" 5 6 "github.com/hashicorp/consul/acl" 7 "github.com/hashicorp/golang-lru" 8 ) 9 10 type ACLCachesConfig struct { 11 Identities int 12 Policies int 13 ParsedPolicies int 14 Authorizers int 15 } 16 17 type ACLCaches struct { 18 identities *lru.TwoQueueCache // identity id -> structs.ACLIdentity 19 parsedPolicies *lru.TwoQueueCache // policy content hash -> acl.Policy 20 policies *lru.TwoQueueCache // policy ID -> ACLPolicy 21 authorizers *lru.TwoQueueCache // token secret -> acl.Authorizer 22 } 23 24 type IdentityCacheEntry struct { 25 Identity ACLIdentity 26 CacheTime time.Time 27 } 28 29 func (e *IdentityCacheEntry) Age() time.Duration { 30 return time.Since(e.CacheTime) 31 } 32 33 type ParsedPolicyCacheEntry struct { 34 Policy *acl.Policy 35 CacheTime time.Time 36 } 37 38 func (e *ParsedPolicyCacheEntry) Age() time.Duration { 39 return time.Since(e.CacheTime) 40 } 41 42 type PolicyCacheEntry struct { 43 Policy *ACLPolicy 44 CacheTime time.Time 45 } 46 47 func (e *PolicyCacheEntry) Age() time.Duration { 48 return time.Since(e.CacheTime) 49 } 50 51 type AuthorizerCacheEntry struct { 52 Authorizer acl.Authorizer 53 CacheTime time.Time 54 TTL time.Duration 55 } 56 57 func (e *AuthorizerCacheEntry) Age() time.Duration { 58 return time.Since(e.CacheTime) 59 } 60 61 func NewACLCaches(config *ACLCachesConfig) (*ACLCaches, error) { 62 cache := &ACLCaches{} 63 64 if config != nil && config.Identities > 0 { 65 identCache, err := lru.New2Q(config.Identities) 66 if err != nil { 67 return nil, err 68 } 69 70 cache.identities = identCache 71 } 72 73 if config != nil && config.Policies > 0 { 74 policyCache, err := lru.New2Q(config.Policies) 75 if err != nil { 76 return nil, err 77 } 78 79 cache.policies = policyCache 80 } 81 82 if config != nil && config.ParsedPolicies > 0 { 83 parsedCache, err := lru.New2Q(config.ParsedPolicies) 84 if err != nil { 85 return nil, err 86 } 87 88 cache.parsedPolicies = parsedCache 89 } 90 91 if config != nil && config.Authorizers > 0 { 92 authCache, err := lru.New2Q(config.Authorizers) 93 if err != nil { 94 return nil, err 95 } 96 97 cache.authorizers = authCache 98 } 99 100 return cache, nil 101 } 102 103 // GetIdentity fetches an identity from the cache and returns it 104 func (c *ACLCaches) GetIdentity(id string) *IdentityCacheEntry { 105 if c == nil || c.identities == nil { 106 return nil 107 } 108 109 if raw, ok := c.identities.Get(id); ok { 110 return raw.(*IdentityCacheEntry) 111 } 112 113 return nil 114 } 115 116 // GetPolicy fetches a policy from the cache and returns it 117 func (c *ACLCaches) GetPolicy(policyID string) *PolicyCacheEntry { 118 if c == nil || c.policies == nil { 119 return nil 120 } 121 122 if raw, ok := c.policies.Get(policyID); ok { 123 return raw.(*PolicyCacheEntry) 124 } 125 126 return nil 127 } 128 129 // GetPolicy fetches a policy from the cache and returns it 130 func (c *ACLCaches) GetParsedPolicy(id string) *ParsedPolicyCacheEntry { 131 if c == nil || c.parsedPolicies == nil { 132 return nil 133 } 134 135 if raw, ok := c.parsedPolicies.Get(id); ok { 136 return raw.(*ParsedPolicyCacheEntry) 137 } 138 139 return nil 140 } 141 142 // GetAuthorizer fetches a acl from the cache and returns it 143 func (c *ACLCaches) GetAuthorizer(id string) *AuthorizerCacheEntry { 144 if c == nil || c.authorizers == nil { 145 return nil 146 } 147 148 if raw, ok := c.authorizers.Get(id); ok { 149 return raw.(*AuthorizerCacheEntry) 150 } 151 152 return nil 153 } 154 155 // PutIdentity adds a new identity to the cache 156 func (c *ACLCaches) PutIdentity(id string, ident ACLIdentity) { 157 if c == nil || c.identities == nil { 158 return 159 } 160 161 c.identities.Add(id, &IdentityCacheEntry{Identity: ident, CacheTime: time.Now()}) 162 } 163 164 func (c *ACLCaches) PutPolicy(policyId string, policy *ACLPolicy) { 165 if c == nil || c.policies == nil { 166 return 167 } 168 169 c.policies.Add(policyId, &PolicyCacheEntry{Policy: policy, CacheTime: time.Now()}) 170 } 171 172 func (c *ACLCaches) PutParsedPolicy(id string, policy *acl.Policy) { 173 if c == nil || c.parsedPolicies == nil { 174 return 175 } 176 177 c.parsedPolicies.Add(id, &ParsedPolicyCacheEntry{Policy: policy, CacheTime: time.Now()}) 178 } 179 180 func (c *ACLCaches) PutAuthorizer(id string, authorizer acl.Authorizer) { 181 if c == nil || c.authorizers == nil { 182 return 183 } 184 185 c.authorizers.Add(id, &AuthorizerCacheEntry{Authorizer: authorizer, CacheTime: time.Now()}) 186 } 187 188 func (c *ACLCaches) PutAuthorizerWithTTL(id string, authorizer acl.Authorizer, ttl time.Duration) { 189 if c == nil || c.authorizers == nil { 190 return 191 } 192 193 c.authorizers.Add(id, &AuthorizerCacheEntry{Authorizer: authorizer, CacheTime: time.Now(), TTL: ttl}) 194 } 195 196 func (c *ACLCaches) RemoveIdentity(id string) { 197 if c != nil && c.identities != nil { 198 c.identities.Remove(id) 199 } 200 } 201 202 func (c *ACLCaches) RemovePolicy(policyID string) { 203 if c != nil && c.policies != nil { 204 c.policies.Remove(policyID) 205 } 206 } 207 208 func (c *ACLCaches) Purge() { 209 if c != nil { 210 if c.identities != nil { 211 c.identities.Purge() 212 } 213 if c.policies != nil { 214 c.policies.Purge() 215 } 216 if c.parsedPolicies != nil { 217 c.parsedPolicies.Purge() 218 } 219 if c.authorizers != nil { 220 c.authorizers.Purge() 221 } 222 } 223 }