github.com/sl1pm4t/consul@v1.4.5-0.20190325224627-74c31c540f9c/agent/structs/acl_cache.go (about)

     1  package structs
     2  
     3  import (
     4  	"time"
     5  
     6  	"github.com/hashicorp/consul/acl"
     7  	"github.com/hashicorp/golang-lru"
     8  )
     9  
    10  type ACLCachesConfig struct {
    11  	Identities     int
    12  	Policies       int
    13  	ParsedPolicies int
    14  	Authorizers    int
    15  }
    16  
    17  type ACLCaches struct {
    18  	identities     *lru.TwoQueueCache // identity id -> structs.ACLIdentity
    19  	parsedPolicies *lru.TwoQueueCache // policy content hash -> acl.Policy
    20  	policies       *lru.TwoQueueCache // policy ID -> ACLPolicy
    21  	authorizers    *lru.TwoQueueCache // token secret -> acl.Authorizer
    22  }
    23  
    24  type IdentityCacheEntry struct {
    25  	Identity  ACLIdentity
    26  	CacheTime time.Time
    27  }
    28  
    29  func (e *IdentityCacheEntry) Age() time.Duration {
    30  	return time.Since(e.CacheTime)
    31  }
    32  
    33  type ParsedPolicyCacheEntry struct {
    34  	Policy    *acl.Policy
    35  	CacheTime time.Time
    36  }
    37  
    38  func (e *ParsedPolicyCacheEntry) Age() time.Duration {
    39  	return time.Since(e.CacheTime)
    40  }
    41  
    42  type PolicyCacheEntry struct {
    43  	Policy    *ACLPolicy
    44  	CacheTime time.Time
    45  }
    46  
    47  func (e *PolicyCacheEntry) Age() time.Duration {
    48  	return time.Since(e.CacheTime)
    49  }
    50  
    51  type AuthorizerCacheEntry struct {
    52  	Authorizer acl.Authorizer
    53  	CacheTime  time.Time
    54  	TTL        time.Duration
    55  }
    56  
    57  func (e *AuthorizerCacheEntry) Age() time.Duration {
    58  	return time.Since(e.CacheTime)
    59  }
    60  
    61  func NewACLCaches(config *ACLCachesConfig) (*ACLCaches, error) {
    62  	cache := &ACLCaches{}
    63  
    64  	if config != nil && config.Identities > 0 {
    65  		identCache, err := lru.New2Q(config.Identities)
    66  		if err != nil {
    67  			return nil, err
    68  		}
    69  
    70  		cache.identities = identCache
    71  	}
    72  
    73  	if config != nil && config.Policies > 0 {
    74  		policyCache, err := lru.New2Q(config.Policies)
    75  		if err != nil {
    76  			return nil, err
    77  		}
    78  
    79  		cache.policies = policyCache
    80  	}
    81  
    82  	if config != nil && config.ParsedPolicies > 0 {
    83  		parsedCache, err := lru.New2Q(config.ParsedPolicies)
    84  		if err != nil {
    85  			return nil, err
    86  		}
    87  
    88  		cache.parsedPolicies = parsedCache
    89  	}
    90  
    91  	if config != nil && config.Authorizers > 0 {
    92  		authCache, err := lru.New2Q(config.Authorizers)
    93  		if err != nil {
    94  			return nil, err
    95  		}
    96  
    97  		cache.authorizers = authCache
    98  	}
    99  
   100  	return cache, nil
   101  }
   102  
   103  // GetIdentity fetches an identity from the cache and returns it
   104  func (c *ACLCaches) GetIdentity(id string) *IdentityCacheEntry {
   105  	if c == nil || c.identities == nil {
   106  		return nil
   107  	}
   108  
   109  	if raw, ok := c.identities.Get(id); ok {
   110  		return raw.(*IdentityCacheEntry)
   111  	}
   112  
   113  	return nil
   114  }
   115  
   116  // GetPolicy fetches a policy from the cache and returns it
   117  func (c *ACLCaches) GetPolicy(policyID string) *PolicyCacheEntry {
   118  	if c == nil || c.policies == nil {
   119  		return nil
   120  	}
   121  
   122  	if raw, ok := c.policies.Get(policyID); ok {
   123  		return raw.(*PolicyCacheEntry)
   124  	}
   125  
   126  	return nil
   127  }
   128  
   129  // GetPolicy fetches a policy from the cache and returns it
   130  func (c *ACLCaches) GetParsedPolicy(id string) *ParsedPolicyCacheEntry {
   131  	if c == nil || c.parsedPolicies == nil {
   132  		return nil
   133  	}
   134  
   135  	if raw, ok := c.parsedPolicies.Get(id); ok {
   136  		return raw.(*ParsedPolicyCacheEntry)
   137  	}
   138  
   139  	return nil
   140  }
   141  
   142  // GetAuthorizer fetches a acl from the cache and returns it
   143  func (c *ACLCaches) GetAuthorizer(id string) *AuthorizerCacheEntry {
   144  	if c == nil || c.authorizers == nil {
   145  		return nil
   146  	}
   147  
   148  	if raw, ok := c.authorizers.Get(id); ok {
   149  		return raw.(*AuthorizerCacheEntry)
   150  	}
   151  
   152  	return nil
   153  }
   154  
   155  // PutIdentity adds a new identity to the cache
   156  func (c *ACLCaches) PutIdentity(id string, ident ACLIdentity) {
   157  	if c == nil || c.identities == nil {
   158  		return
   159  	}
   160  
   161  	c.identities.Add(id, &IdentityCacheEntry{Identity: ident, CacheTime: time.Now()})
   162  }
   163  
   164  func (c *ACLCaches) PutPolicy(policyId string, policy *ACLPolicy) {
   165  	if c == nil || c.policies == nil {
   166  		return
   167  	}
   168  
   169  	c.policies.Add(policyId, &PolicyCacheEntry{Policy: policy, CacheTime: time.Now()})
   170  }
   171  
   172  func (c *ACLCaches) PutParsedPolicy(id string, policy *acl.Policy) {
   173  	if c == nil || c.parsedPolicies == nil {
   174  		return
   175  	}
   176  
   177  	c.parsedPolicies.Add(id, &ParsedPolicyCacheEntry{Policy: policy, CacheTime: time.Now()})
   178  }
   179  
   180  func (c *ACLCaches) PutAuthorizer(id string, authorizer acl.Authorizer) {
   181  	if c == nil || c.authorizers == nil {
   182  		return
   183  	}
   184  
   185  	c.authorizers.Add(id, &AuthorizerCacheEntry{Authorizer: authorizer, CacheTime: time.Now()})
   186  }
   187  
   188  func (c *ACLCaches) PutAuthorizerWithTTL(id string, authorizer acl.Authorizer, ttl time.Duration) {
   189  	if c == nil || c.authorizers == nil {
   190  		return
   191  	}
   192  
   193  	c.authorizers.Add(id, &AuthorizerCacheEntry{Authorizer: authorizer, CacheTime: time.Now(), TTL: ttl})
   194  }
   195  
   196  func (c *ACLCaches) RemoveIdentity(id string) {
   197  	if c != nil && c.identities != nil {
   198  		c.identities.Remove(id)
   199  	}
   200  }
   201  
   202  func (c *ACLCaches) RemovePolicy(policyID string) {
   203  	if c != nil && c.policies != nil {
   204  		c.policies.Remove(policyID)
   205  	}
   206  }
   207  
   208  func (c *ACLCaches) Purge() {
   209  	if c != nil {
   210  		if c.identities != nil {
   211  			c.identities.Purge()
   212  		}
   213  		if c.policies != nil {
   214  			c.policies.Purge()
   215  		}
   216  		if c.parsedPolicies != nil {
   217  			c.parsedPolicies.Purge()
   218  		}
   219  		if c.authorizers != nil {
   220  			c.authorizers.Purge()
   221  		}
   222  	}
   223  }