// KeyringOperation will query the WAN and LAN gossip keyrings of all nodes. func (m *Internal) KeyringOperation( args *structs.KeyringRequest, reply *structs.KeyringResponses) error { // Only perform WAN keyring querying and RPC forwarding once if !args.Forwarded { args.Forwarded = true m.executeKeyringOp(args, reply, true) return m.srv.globalRPC("Internal.KeyringOperation", args, reply) } // Query the LAN keyring of this node's DC m.executeKeyringOp(args, reply, false) return nil }
// KeyringOperation will query the WAN and LAN gossip keyrings of all nodes. func (m *Internal) KeyringOperation( args *structs.KeyringRequest, reply *structs.KeyringResponses) error { // Check ACLs acl, err := m.srv.resolveToken(args.Token) if err != nil { return err } if acl != nil { switch args.Operation { case structs.KeyringList: if !acl.KeyringRead() { return fmt.Errorf("Reading keyring denied by ACLs") } case structs.KeyringInstall: fallthrough case structs.KeyringUse: fallthrough case structs.KeyringRemove: if !acl.KeyringWrite() { return fmt.Errorf("Modifying keyring denied due to ACLs") } default: panic("Invalid keyring operation") } } // Only perform WAN keyring querying and RPC forwarding once if !args.Forwarded { args.Forwarded = true m.executeKeyringOp(args, reply, true) return m.srv.globalRPC("Internal.KeyringOperation", args, reply) } // Query the LAN keyring of this node's DC m.executeKeyringOp(args, reply, false) return nil }