github.imxd.top/hashicorp/consul@v1.4.5/agent/token/store.go

github.imxd.top/hashicorp/consul@v1.4.5/agent/token/store.go (about)

     1  package token
     2  
     3  import (
     4  	"sync"
     5  )
     6  
     7  type TokenSource bool
     8  
     9  const (
    10  	TokenSourceConfig TokenSource = false
    11  	TokenSourceAPI    TokenSource = true
    12  )
    13  
    14  // Store is used to hold the special ACL tokens used by Consul agents. It is
    15  // designed to update the tokens on the fly, so the token store itself should be
    16  // plumbed around and used to get tokens at runtime, don't save the resulting
    17  // tokens.
    18  type Store struct {
    19  	// l synchronizes access to the token store.
    20  	l sync.RWMutex
    21  
    22  	// userToken is passed along for requests when the user didn't supply a
    23  	// token, and may be left blank to use the anonymous token. This will
    24  	// also be used for agent operations if the agent token isn't set.
    25  	userToken string
    26  
    27  	// userTokenSource indicates where this token originated from
    28  	userTokenSource TokenSource
    29  
    30  	// agentToken is used for internal agent operations like self-registering
    31  	// with the catalog and anti-entropy, but should never be used for
    32  	// user-initiated operations.
    33  	agentToken string
    34  
    35  	// agentTokenSource indicates where this token originated from
    36  	agentTokenSource TokenSource
    37  
    38  	// agentMasterToken is a special token that's only used locally for
    39  	// access to the /v1/agent utility operations if the servers aren't
    40  	// available.
    41  	agentMasterToken string
    42  
    43  	// agentMasterTokenSource indicates where this token originated from
    44  	agentMasterTokenSource TokenSource
    45  
    46  	// replicationToken is a special token that's used by servers to
    47  	// replicate data from the primary datacenter.
    48  	replicationToken string
    49  
    50  	// replicationTokenSource indicates where this token originated from
    51  	replicationTokenSource TokenSource
    52  }
    53  
    54  // UpdateUserToken replaces the current user token in the store.
    55  func (t *Store) UpdateUserToken(token string, source TokenSource) {
    56  	t.l.Lock()
    57  	t.userToken = token
    58  	t.userTokenSource = source
    59  	t.l.Unlock()
    60  }
    61  
    62  // UpdateAgentToken replaces the current agent token in the store.
    63  func (t *Store) UpdateAgentToken(token string, source TokenSource) {
    64  	t.l.Lock()
    65  	t.agentToken = token
    66  	t.agentTokenSource = source
    67  	t.l.Unlock()
    68  }
    69  
    70  // UpdateAgentMasterToken replaces the current agent master token in the store.
    71  func (t *Store) UpdateAgentMasterToken(token string, source TokenSource) {
    72  	t.l.Lock()
    73  	t.agentMasterToken = token
    74  	t.agentMasterTokenSource = source
    75  	t.l.Unlock()
    76  }
    77  
    78  // UpdateReplicationToken replaces the current replication token in the store.
    79  func (t *Store) UpdateReplicationToken(token string, source TokenSource) {
    80  	t.l.Lock()
    81  	t.replicationToken = token
    82  	t.replicationTokenSource = source
    83  	t.l.Unlock()
    84  }
    85  
    86  // UserToken returns the best token to use for user operations.
    87  func (t *Store) UserToken() string {
    88  	t.l.RLock()
    89  	defer t.l.RUnlock()
    90  
    91  	return t.userToken
    92  }
    93  
    94  // AgentToken returns the best token to use for internal agent operations.
    95  func (t *Store) AgentToken() string {
    96  	t.l.RLock()
    97  	defer t.l.RUnlock()
    98  
    99  	if t.agentToken != "" {
   100  		return t.agentToken
   101  	}
   102  	return t.userToken
   103  }
   104  
   105  func (t *Store) AgentMasterToken() string {
   106  	t.l.RLock()
   107  	defer t.l.RUnlock()
   108  
   109  	return t.agentMasterToken
   110  }
   111  
   112  // ReplicationToken returns the replication token.
   113  func (t *Store) ReplicationToken() string {
   114  	t.l.RLock()
   115  	defer t.l.RUnlock()
   116  
   117  	return t.replicationToken
   118  }
   119  
   120  // UserToken returns the best token to use for user operations.
   121  func (t *Store) UserTokenAndSource() (string, TokenSource) {
   122  	t.l.RLock()
   123  	defer t.l.RUnlock()
   124  
   125  	return t.userToken, t.userTokenSource
   126  }
   127  
   128  // AgentToken returns the best token to use for internal agent operations.
   129  func (t *Store) AgentTokenAndSource() (string, TokenSource) {
   130  	t.l.RLock()
   131  	defer t.l.RUnlock()
   132  
   133  	return t.agentToken, t.agentTokenSource
   134  }
   135  
   136  func (t *Store) AgentMasterTokenAndSource() (string, TokenSource) {
   137  	t.l.RLock()
   138  	defer t.l.RUnlock()
   139  
   140  	return t.agentMasterToken, t.agentMasterTokenSource
   141  }
   142  
   143  // ReplicationToken returns the replication token.
   144  func (t *Store) ReplicationTokenAndSource() (string, TokenSource) {
   145  	t.l.RLock()
   146  	defer t.l.RUnlock()
   147  
   148  	return t.replicationToken, t.replicationTokenSource
   149  }
   150  
   151  // IsAgentMasterToken checks to see if a given token is the agent master token.
   152  // This will never match an empty token for safety.
   153  func (t *Store) IsAgentMasterToken(token string) bool {
   154  	t.l.RLock()
   155  	defer t.l.RUnlock()
   156  
   157  	return (token != "") && (token == t.agentMasterToken)
   158  }