func clusterTxn(view db.Database, stitch stitch.Stitch) error {
namespace := stitch.QueryString("Namespace")
if namespace == "" {
namespace = "DEFAULT_NAMESPACE"
msg := "policy did not specify 'Namespace', defaulting to '%s'"
log.Warn(fmt.Sprintf(msg, namespace))
}
cluster, err := view.GetCluster()
if err != nil {
cluster = view.InsertCluster()
}
cluster.Namespace = namespace
cluster.Spec = stitch.String()
view.Commit(cluster)
return nil
}
func updateTxn(view db.Database) error {
cluster, err := view.GetCluster()
if err != nil {
return err
}
stitch, err := stitch.FromJSON(cluster.Spec)
if err != nil {
return err
}
cluster.Namespace = stitch.Namespace
view.Commit(cluster)
machineTxn(view, stitch)
aclTxn(view, stitch)
return nil
}
func aclTxn(view db.Database, stitch stitch.Stitch) error {
cluster, err := view.GetCluster()
if err != nil {
return err
}
machines := view.SelectFromMachine(func(m db.Machine) bool {
return m.PublicIP != ""
})
acls := resolveACLs(stitch.QueryStrSlice("AdminACL"))
for _, m := range machines {
acls = append(acls, m.PublicIP+"/32")
}
sort.Strings(acls)
cluster.ACLs = acls
view.Commit(cluster)
return nil
}
