nomad: Upsert and Delete ACL policies can take a list

2026-01-05 01:45:44 +03:00 · 2017-08-07 15:01:25 -07:00
parent 15729bf82f
commit 3e02e273d3
2 changed files with 33 additions and 32 deletions
--- a/nomad/state/state_store.go
+++ b/nomad/state/state_store.go
@@ -2788,29 +2788,31 @@ func (s *StateStore) addEphemeralDiskToTaskGroups(job *structs.Job) {
 	}
 }

-// UpsertACLPolicy is used to create or update an ACL policy
-func (s *StateStore) UpsertACLPolicy(index uint64, policy *structs.ACLPolicy) error {
+// UpsertACLPolicies is used to create or update a set of ACL policies
+func (s *StateStore) UpsertACLPolicies(index uint64, policies []*structs.ACLPolicy) error {
 	txn := s.db.Txn(true)
 	defer txn.Abort()

-	// Check if the policy already exists
-	existing, err := txn.First("acl_policy", "id", policy.Name)
-	if err != nil {
-		return fmt.Errorf("policy lookup failed: %v", err)
-	}
+	for _, policy := range policies {
+		// Check if the policy already exists
+		existing, err := txn.First("acl_policy", "id", policy.Name)
+		if err != nil {
+			return fmt.Errorf("policy lookup failed: %v", err)
+		}

-	// Update all the indexes
-	if existing != nil {
-		policy.CreateIndex = existing.(*structs.ACLPolicy).CreateIndex
-		policy.ModifyIndex = index
-	} else {
-		policy.CreateIndex = index
-		policy.ModifyIndex = index
-	}
+		// Update all the indexes
+		if existing != nil {
+			policy.CreateIndex = existing.(*structs.ACLPolicy).CreateIndex
+			policy.ModifyIndex = index
+		} else {
+			policy.CreateIndex = index
+			policy.ModifyIndex = index
+		}

-	// Update the policy
-	if err := txn.Insert("acl_policy", policy); err != nil {
-		return fmt.Errorf("upserting policy failed: %v", err)
+		// Update the policy
+		if err := txn.Insert("acl_policy", policy); err != nil {
+			return fmt.Errorf("upserting policy failed: %v", err)
+		}
 	}

 	// Update the indexes tabl
@@ -2822,14 +2824,16 @@ func (s *StateStore) UpsertACLPolicy(index uint64, policy *structs.ACLPolicy) er
 	return nil
 }

-// DeleteACLPolicy deletes the policy with the given name
-func (s *StateStore) DeleteACLPolicy(index uint64, name string) error {
+// DeleteACLPolicies deletes the policies with the given names
+func (s *StateStore) DeleteACLPolicies(index uint64, names []string) error {
 	txn := s.db.Txn(true)
 	defer txn.Abort()

 	// Delete the policy
-	if _, err := txn.DeleteAll("acl_policy", "id", name); err != nil {
-		return fmt.Errorf("deleting acl policy failed: %v", err)
+	for _, name := range names {
+		if _, err := txn.DeleteAll("acl_policy", "id", name); err != nil {
+			return fmt.Errorf("deleting acl policy failed: %v", err)
+		}
 	}
 	if err := txn.Insert("index", &IndexEntry{"acl_policy", index}); err != nil {
 		return fmt.Errorf("index update failed: %v", err)
--- a/nomad/state/state_store_test.go
+++ b/nomad/state/state_store_test.go
@@ -5838,14 +5838,8 @@ func TestStateStore_UpsertACLPolicy(t *testing.T) {
 		t.Fatalf("err: %v", err)
 	}

-	if err := state.UpsertACLPolicy(1000, policy); err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	if !watchFired(ws) {
-		t.Fatalf("bad")
-	}
-
-	if err := state.UpsertACLPolicy(1001, policy2); err != nil {
+	if err := state.UpsertACLPolicies(1000,
+		[]*structs.ACLPolicy{policy, policy2}); err != nil {
 		t.Fatalf("err: %v", err)
 	}
 	if !watchFired(ws) {
@@ -5895,9 +5889,11 @@ func TestStateStore_UpsertACLPolicy(t *testing.T) {
 func TestStateStore_DeleteACLPolicy(t *testing.T) {
 	state := testStateStore(t)
 	policy := mock.ACLPolicy()
+	policy2 := mock.ACLPolicy()

 	// Create the policy
-	if err := state.UpsertACLPolicy(1000, policy); err != nil {
+	if err := state.UpsertACLPolicies(1000,
+		[]*structs.ACLPolicy{policy, policy2}); err != nil {
 		t.Fatalf("err: %v", err)
 	}

@@ -5908,7 +5904,8 @@ func TestStateStore_DeleteACLPolicy(t *testing.T) {
 	}

 	// Delete the policy
-	if err := state.DeleteACLPolicy(1001, policy.Name); err != nil {
+	if err := state.DeleteACLPolicies(1001,
+		[]string{policy.Name, policy2.Name}); err != nil {
 		t.Fatalf("err: %v", err)
 	}