Exemplo n.º 1
0
// filterChecks redacts checks that the token doesn't have access to.
func (a *Agent) filterChecks(token string, checks *map[types.CheckID]*structs.HealthCheck) error {
	// Resolve the token and bail if ACLs aren't enabled.
	acl, err := a.resolveToken(token)
	if err != nil {
		return err
	}
	if acl == nil {
		return nil
	}

	// Filter out checks based on the node or service policy.
	for id, check := range *checks {
		if len(check.ServiceName) > 0 {
			if acl.ServiceRead(check.ServiceName) {
				continue
			}
		} else {
			if acl.NodeRead(a.config.NodeName) {
				continue
			}
		}
		a.logger.Printf("[DEBUG] agent: dropping check %q from result due to ACLs", id)
		delete(*checks, id)
	}
	return nil
}
Exemplo n.º 2
0
// filterServices redacts services that the token doesn't have access to.
func (a *Agent) filterServices(token string, services *map[string]*structs.NodeService) error {
	// Resolve the token and bail if ACLs aren't enabled.
	acl, err := a.resolveToken(token)
	if err != nil {
		return err
	}
	if acl == nil {
		return nil
	}

	// Filter out services based on the service policy.
	for id, service := range *services {
		if acl.ServiceRead(service.Service) {
			continue
		}
		a.logger.Printf("[DEBUG] agent: dropping service %q from result due to ACLs", id)
		delete(*services, id)
	}
	return nil
}