// Get returns a single prepared query by ID. func (p *PreparedQuery) Get(args *structs.PreparedQuerySpecificRequest, reply *structs.IndexedPreparedQueries) error { if done, err := p.srv.forward("PreparedQuery.Get", args, args, reply); done { return err } // Get the requested query. state := p.srv.fsm.State() return p.srv.blockingRPC( &args.QueryOptions, &reply.QueryMeta, state.GetQueryWatch("PreparedQueryGet"), func() error { index, query, err := state.PreparedQueryGet(args.QueryID) if err != nil { return err } if query == nil { return ErrQueryNotFound } // If no prefix ACL applies to this query, then they are // always allowed to see it if they have the ID. We still // have to filter the remaining object for tokens. reply.Index = index reply.Queries = structs.PreparedQueries{query} if _, ok := query.GetACLPrefix(); !ok { return p.srv.filterACL(args.Token, &reply.Queries[0]) } // Otherwise, attempt to filter it the usual way. if err := p.srv.filterACL(args.Token, reply); err != nil { return err } // Since this is a GET of a specific query, if ACLs have // prevented us from returning something that exists, // then alert the user with a permission denied error. if len(reply.Queries) == 0 { p.srv.logger.Printf("[WARN] consul.prepared_query: Request to get prepared query '%s' denied due to ACLs", args.QueryID) return permissionDeniedErr } return nil }) }
// preparedQueryList returns all the prepared queries. func (s *HTTPServer) preparedQueryList(resp http.ResponseWriter, req *http.Request) (interface{}, error) { var args structs.DCSpecificRequest if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done { return nil, nil } var reply structs.IndexedPreparedQueries endpoint := s.agent.getEndpoint(preparedQueryEndpoint) if err := s.agent.RPC(endpoint+".List", &args, &reply); err != nil { return nil, err } // Use empty list instead of nil. if reply.Queries == nil { reply.Queries = make(structs.PreparedQueries, 0) } return reply.Queries, nil }
// Get returns a single prepared query by ID. func (p *PreparedQuery) Get(args *structs.PreparedQuerySpecificRequest, reply *structs.IndexedPreparedQueries) error { if done, err := p.srv.forward("PreparedQuery.Get", args, args, reply); done { return err } // We will use this in the loop to see if the caller is allowed to see // the query. acl, err := p.srv.resolveToken(args.Token) if err != nil { return err } // Get the requested query. state := p.srv.fsm.State() return p.srv.blockingRPC( &args.QueryOptions, &reply.QueryMeta, state.GetQueryWatch("PreparedQueryGet"), func() error { index, query, err := state.PreparedQueryGet(args.QueryID) if err != nil { return err } if query == nil { return ErrQueryNotFound } if (query.Token != args.Token) && (acl != nil && !acl.QueryList()) { p.srv.logger.Printf("[WARN] consul.prepared_query: Request to get prepared query '%s' denied because ACL didn't match ACL used to create the query, and a management token wasn't supplied", args.QueryID) return permissionDeniedErr } reply.Index = index reply.Queries = structs.PreparedQueries{query} return nil }) return nil }