kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-10 04:15:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

nomad: use hashes for efficient token/policy diffing

Browse Source
This commit is contained in:
Armon Dadgar
2017-08-30 10:06:56 -07:00
parent 84d87948f6
commit ad4aeec085
3 changed files with 19 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
nomad/leader.go
View File

@@ -1,6 +1,7 @@
package nomad
import (
"bytes"
"context"
"errors"
"fmt"
@@ -770,7 +771,7 @@ ERR_WAIT:
// be deleted or updated.
func diffACLPolicies(state *state.StateStore, minIndex uint64, remoteList []*structs.ACLPolicyListStub) (delete []string, update []string) {
// Construct a set of the local and remote policies
local := make(map[string]struct{})
local := make(map[string][]byte)
remote := make(map[string]struct{})
// Add all the local policies
@@ -784,7 +785,7 @@ func diffACLPolicies(state *state.StateStore, minIndex uint64, remoteList []*str
break
}
policy := raw.(*structs.ACLPolicy)
local[policy.Name] = struct{}{}
local[policy.Name] = policy.Hash
}
// Iterate over the remote policies
@@ -792,14 +793,11 @@ func diffACLPolicies(state *state.StateStore, minIndex uint64, remoteList []*str
remote[rp.Name] = struct{}{}
// Check if the policy is missing locally
if _, ok := local[rp.Name]; !ok {
if localHash, ok := local[rp.Name]; !ok {
update = append(update, rp.Name)
// Check if policy is newer remotely
// TODO: Eventually would be nice to use a policy
// hash or something to avoid fetching policies that
// are unchanged.
} else if rp.ModifyIndex > minIndex {
// Check if policy is newer remotely and there is a hash mis-match.
} else if rp.ModifyIndex > minIndex && !bytes.Equal(localHash, rp.Hash) {
update = append(update, rp.Name)
}
}
@@ -915,7 +913,7 @@ ERR_WAIT:
// be deleted or updated.
func diffACLTokens(state *state.StateStore, minIndex uint64, remoteList []*structs.ACLTokenListStub) (delete []string, update []string) {
// Construct a set of the local and remote policies
local := make(map[string]struct{})
local := make(map[string][]byte)
remote := make(map[string]struct{})
// Add all the local global tokens
@@ -929,7 +927,7 @@ func diffACLTokens(state *state.StateStore, minIndex uint64, remoteList []*struc
break
}
token := raw.(*structs.ACLToken)
local[token.AccessorID] = struct{}{}
local[token.AccessorID] = token.Hash
}
// Iterate over the remote tokens
@@ -937,14 +935,11 @@ func diffACLTokens(state *state.StateStore, minIndex uint64, remoteList []*struc
remote[rp.AccessorID] = struct{}{}
// Check if the token is missing locally
if _, ok := local[rp.AccessorID]; !ok {
if localHash, ok := local[rp.AccessorID]; !ok {
update = append(update, rp.AccessorID)
// Check if token is newer remotely
// TODO: Eventually would be nice to use an object
// hash or something to avoid fetching tokens that
// are unchanged.
} else if rp.ModifyIndex > minIndex {
// Check if policy is newer remotely and there is a hash mis-match.
} else if rp.ModifyIndex > minIndex && !bytes.Equal(localHash, rp.Hash) {
update = append(update, rp.AccessorID)
}
}

2
nomad/leader_test.go
View File

@@ -683,6 +683,7 @@ func TestLeader_DiffACLPolicies(t *testing.T) {
p2Stub.ModifyIndex = 50 // Ignored, same index
p3Stub := p3.Stub()
p3Stub.ModifyIndex = 100 // Updated, higher index
p3Stub.Hash = []byte{0, 1, 2, 3}
p4 := mock.ACLPolicy()
remoteList := []*structs.ACLPolicyListStub{
p2Stub,
@@ -759,6 +760,7 @@ func TestLeader_DiffACLTokens(t *testing.T) {
p2Stub.ModifyIndex = 50 // Ignored, same index
p3Stub := p3.Stub()
p3Stub.ModifyIndex = 100 // Updated, higher index
p3Stub.Hash = []byte{0, 1, 2, 3}
p4 := mock.ACLToken()
p4.Global = true
remoteList := []*structs.ACLTokenListStub{

8
nomad/mock/mock.go
View File

@@ -339,7 +339,7 @@ func PlanResult() *structs.PlanResult {
}
func ACLPolicy() *structs.ACLPolicy {
return &structs.ACLPolicy{
ap := &structs.ACLPolicy{
Name: fmt.Sprintf("policy-%s", structs.GenerateUUID()),
Description: "Super cool policy!",
Rules: `
@@ -356,10 +356,12 @@ func ACLPolicy() *structs.ACLPolicy {
CreateIndex: 10,
ModifyIndex: 20,
}
ap.SetHash()
return ap
}
func ACLToken() *structs.ACLToken {
return &structs.ACLToken{
tk := &structs.ACLToken{
AccessorID: structs.GenerateUUID(),
SecretID: structs.GenerateUUID(),
Name: "my cool token " + structs.GenerateUUID(),
@@ -370,6 +372,8 @@ func ACLToken() *structs.ACLToken {
CreateIndex: 10,
ModifyIndex: 20,
}
tk.SetHash()
return tk
}
func ACLManagementToken() *structs.ACLToken {