From fcb8831868b7dce144955fd12bd2f71dca7d30d4 Mon Sep 17 00:00:00 2001 From: Michael Schurter Date: Mon, 19 Dec 2022 09:56:28 -0800 Subject: [PATCH] Migrate acls to generics (#13721) * Migrate acls to generics See hashicorp/go-immutable-radix#43 * deps: fixup go.mod formatting Co-authored-by: Seth Hoenig --- acl/acl.go | 54 ++++++++++++++++++++++++++---------------------------- go.mod | 14 ++++++++------ go.sum | 21 +++++++++++++-------- 3 files changed, 47 insertions(+), 42 deletions(-) diff --git a/acl/acl.go b/acl/acl.go index 5c1c33222..41a793fe1 100644 --- a/acl/acl.go +++ b/acl/acl.go @@ -5,7 +5,7 @@ import ( "sort" "strings" - iradix "github.com/hashicorp/go-immutable-radix" + iradix "github.com/hashicorp/go-immutable-radix/v2" glob "github.com/ryanuber/go-glob" ) @@ -48,21 +48,21 @@ type ACL struct { management bool // namespaces maps a namespace to a capabilitySet - namespaces *iradix.Tree + namespaces *iradix.Tree[capabilitySet] // wildcardNamespaces maps a glob pattern of a namespace to a capabilitySet // We use an iradix for the purposes of ordered iteration. - wildcardNamespaces *iradix.Tree + wildcardNamespaces *iradix.Tree[capabilitySet] // hostVolumes maps a named host volume to a capabilitySet - hostVolumes *iradix.Tree + hostVolumes *iradix.Tree[capabilitySet] // wildcardHostVolumes maps a glob pattern of host volume names to a capabilitySet // We use an iradix for the purposes of ordered iteration. - wildcardHostVolumes *iradix.Tree + wildcardHostVolumes *iradix.Tree[capabilitySet] - variables *iradix.Tree - wildcardVariables *iradix.Tree + variables *iradix.Tree[capabilitySet] + wildcardVariables *iradix.Tree[capabilitySet] agent string node string 
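Review bot: In the `ACL` struct hunk, `variables` and `wildcardVariables` are the only tree fields left without a comment, and their key format differs from the other trees. `matchingVariablesCapabilitySet` looks `variables` up with `ns + "\x00" + path`, so the field could carry `// variables maps a namespace and path, joined by a NUL byte, to a capabilitySet`. For the glob tree, presumably keyed the same way, `// wildcardVariables maps a glob pattern over that key to a capabilitySet` would match the neighbouring fields. The struct starts and ends outside the hunk.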
@@ -97,12 +97,12 @@ func NewACL(management bool, policies []*Policy) (*ACL, error) { // Create the ACL object acl := &ACL{} - nsTxn := iradix.New().Txn() - wnsTxn := iradix.New().Txn() - hvTxn := iradix.New().Txn() - whvTxn := iradix.New().Txn() - svTxn := iradix.New().Txn() - wsvTxn := iradix.New().Txn() + nsTxn := iradix.New[capabilitySet]().Txn() + wnsTxn := iradix.New[capabilitySet]().Txn() + hvTxn := iradix.New[capabilitySet]().Txn() + whvTxn := iradix.New[capabilitySet]().Txn() + svTxn := iradix.New[capabilitySet]().Txn() + wsvTxn := iradix.New[capabilitySet]().Txn() for _, policy := range policies { NAMESPACES: @@ -116,7 +116,7 @@ func NewACL(management bool, policies []*Policy) (*ACL, error) { if globDefinition { raw, ok := wnsTxn.Get([]byte(ns.Name)) if ok { - capabilities = raw.(capabilitySet) + capabilities = raw } else { capabilities = make(capabilitySet) wnsTxn.Insert([]byte(ns.Name), capabilities) @@ -124,7 +124,7 @@ func NewACL(management bool, policies []*Policy) (*ACL, error) { } else { raw, ok := nsTxn.Get([]byte(ns.Name)) if ok { - capabilities = raw.(capabilitySet) + capabilities = raw } else { capabilities = make(capabilitySet) nsTxn.Insert([]byte(ns.Name), capabilities) @@ -138,7 +138,7 @@ func NewACL(management bool, policies []*Policy) (*ACL, error) { if globDefinition || strings.Contains(pathPolicy.PathSpec, "*") { raw, ok := wsvTxn.Get(key) if ok { - svCapabilities = raw.(capabilitySet) + svCapabilities = raw } else { svCapabilities = make(capabilitySet) } @@ -146,7 +146,7 @@ func NewACL(management bool, policies []*Policy) (*ACL, error) { } else { raw, ok := svTxn.Get(key) if ok { - svCapabilities = raw.(capabilitySet) + svCapabilities = raw } else { svCapabilities = make(capabilitySet) } 
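Review bot: The name `raw` at the `Get` call sites in `NewACL` is a leftover from the untyped API: the value is now already a `capabilitySet`, so `capabilities = raw` reads like a conversion that no longer takes place. This applies to the four sites here (hunks at -116, -124, -138 and -146) and to the two host-volume sites at -186 and -194. Scoping the lookup to the branch makes the intent plain, for example `if existing, ok := wnsTxn.Get([]byte(ns.Name)); ok {` followed by `capabilities = existing`. `NewACL` starts and ends outside these hunks.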
@@ -186,7 +186,7 @@ func NewACL(management bool, policies []*Policy) (*ACL, error) { if globDefinition { raw, ok := whvTxn.Get([]byte(hv.Name)) if ok { - capabilities = raw.(capabilitySet) + capabilities = raw } else { capabilities = make(capabilitySet) whvTxn.Insert([]byte(hv.Name), capabilities) @@ -194,7 +194,7 @@ func NewACL(management bool, policies []*Policy) (*ACL, error) { } else { raw, ok := hvTxn.Get([]byte(hv.Name)) if ok { - capabilities = raw.(capabilitySet) + capabilities = raw } else { capabilities = make(capabilitySet) hvTxn.Insert([]byte(hv.Name), capabilities) @@ -401,7 +401,7 @@ func (a *ACL) matchingNamespaceCapabilitySet(ns string) (capabilitySet, bool) { // Check for a concrete matching capability set raw, ok := a.namespaces.Get([]byte(ns)) if ok { - return raw.(capabilitySet), true + return raw, true } // We didn't find a concrete match, so lets try and evaluate globs. @@ -429,8 +429,7 @@ func (a *ACL) anyNamespaceAllowsAnyOp() bool { func (a *ACL) anyNamespaceAllows(cb func(capabilitySet) bool) bool { allow := false - checkFn := func(_ []byte, iv interface{}) bool { - v := iv.(capabilitySet) + checkFn := func(_ []byte, v capabilitySet) bool { allow = cb(v) return allow } @@ -453,7 +452,7 @@ func (a *ACL) matchingHostVolumeCapabilitySet(name string) (capabilitySet, bool) // Check for a concrete matching capability set raw, ok := a.hostVolumes.Get([]byte(name)) if ok { - return raw.(capabilitySet), true + return raw, true } // We didn't find a concrete match, so lets try and evaluate globs. @@ -469,7 +468,7 @@ func (a *ACL) matchingVariablesCapabilitySet(ns, path string) (capabilitySet, bo // Check for a concrete matching capability set raw, ok := a.variables.Get([]byte(ns + "\x00" + path)) if ok { - return raw.(capabilitySet), true + return raw, true } // We didn't find a concrete match, so lets try and evaluate globs. 
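Review bot: `return raw, true` in `matchingNamespaceCapabilitySet` hands the caller the value stored in the tree rather than a copy, and the same line appears in `matchingHostVolumeCapabilitySet` and `matchingVariablesCapabilitySet`. `NewACL` creates these values with `make(capabilitySet)`, so the type is presumably a map, and a write by any caller would change the result of every later check against the same ACL. The doc comment of each function should say so, e.g. `// The returned capabilitySet is the one stored in the ACL; callers must treat it as read-only.` The function bodies continue outside the hunks.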
@@ -482,7 +481,7 @@ type matchingGlob struct { capabilitySet capabilitySet } -func (a *ACL) findClosestMatchingGlob(radix *iradix.Tree, ns string) (capabilitySet, bool) { +func (a *ACL) findClosestMatchingGlob(radix *iradix.Tree[capabilitySet], ns string) (capabilitySet, bool) { // First, find all globs that match. matchingGlobs := findAllMatchingWildcards(radix, ns) @@ -506,14 +505,13 @@ func (a *ACL) findClosestMatchingGlob(radix *iradix.Tree, ns string) (capability return matchingGlobs[0].capabilitySet, true } -func findAllMatchingWildcards(radix *iradix.Tree, name string) []matchingGlob { +func findAllMatchingWildcards(radix *iradix.Tree[capabilitySet], name string) []matchingGlob { var matches []matchingGlob nsLen := len(name) - radix.Root().Walk(func(bk []byte, iv interface{}) bool { + radix.Root().Walk(func(bk []byte, v capabilitySet) bool { k := string(bk) - v := iv.(capabilitySet) isMatch := glob.Glob(k, name) if isMatch { diff --git a/go.mod b/go.mod index 90d4e0fd6..445384f72 100644 --- a/go.mod +++ b/go.mod @@ -56,7 +56,7 @@ require ( github.com/hashicorp/go-envparse v0.0.0-20180119215841-310ca1881b22 github.com/hashicorp/go-getter v1.6.2 github.com/hashicorp/go-hclog v1.3.1 - github.com/hashicorp/go-immutable-radix v1.3.1 + github.com/hashicorp/go-immutable-radix/v2 v2.0.0 github.com/hashicorp/go-kms-wrapping/v2 v2.0.5 github.com/hashicorp/go-memdb v1.3.4 github.com/hashicorp/go-msgpack v1.1.5 @@ -119,10 +119,10 @@ require ( github.com/zclconf/go-cty-yaml v1.0.3 go.etcd.io/bbolt v1.3.6 go.uber.org/goleak v1.2.0 - golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d - golang.org/x/exp v0.0.0-20220921164117-439092de6870 + golang.org/x/crypto v0.1.0 + golang.org/x/exp v0.0.0-20221215174704-0915cd710c24 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 - golang.org/x/sys v0.2.0 + golang.org/x/sys v0.1.0 golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 google.golang.org/grpc v1.51.0 google.golang.org/protobuf v1.28.1 
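Review bot: The `go.mod` hunk at -119 lowers the direct requirement `golang.org/x/sys` from v0.2.0 to v0.1.0 and also moves `golang.org/x/crypto` and `golang.org/x/exp`, none of which the commit message mentions or the radix migration visibly needs. A downgrade of a direct dependency is easy to miss inside a refactoring commit. If it is unintended, keep `golang.org/x/sys v0.2.0`; otherwise state in the commit message why the older version is wanted. The indirect `golang.org/x/mod` and `golang.org/x/tools` changes in the hunk at -268 deserve the same one-line explanation.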
@@ -205,6 +205,7 @@ require (
 github.com/gophercloud/gophercloud v0.1.0 // indirect
 github.com/gorilla/mux v1.8.0 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
+ github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
 github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 github.com/hashicorp/go-safetemp v1.0.0 // indirect
@@ -212,6 +213,7 @@ require (
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
 github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 // indirect
 github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 // indirect
+ github.com/hashicorp/golang-lru/v2 v2.0.0 // indirect
 github.com/hashicorp/mdns v1.0.4 // indirect
 github.com/hashicorp/vault/api/auth/kubernetes v0.3.0 // indirect
 github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443 // indirect
@@ -268,12 +270,12 @@ require (
 github.com/yusufpapurcu/wmi v1.2.2 // indirect
 go.opencensus.io v0.23.0 // indirect
 go.uber.org/atomic v1.9.0 // indirect
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+ golang.org/x/mod v0.6.0 // indirect
 golang.org/x/net v0.1.0 // indirect
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
 golang.org/x/term v0.1.0 // indirect
 golang.org/x/text v0.4.0 // indirect
- golang.org/x/tools v0.1.12 // indirect
+ golang.org/x/tools v0.2.0 // indirect
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 google.golang.org/api v0.60.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 38a4e0631..83827fb25 100644
--- a/go.sum
+++ b/go.sum
@@ -698,6 +698,8 @@ github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjh github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix/v2 v2.0.0 h1:nq9lQ5I71Heg2lRb2/+szuIWKY3Y73d8YKyXyN91WzU= +github.com/hashicorp/go-immutable-radix/v2 v2.0.0/go.mod h1:hgdqLXA4f6NIjRVisM1TJ9aOJVNRqKZj+xDGF6m7PBw= github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk= github.com/hashicorp/go-kms-wrapping/v2 v2.0.5 h1:rOFDv+3k05mnW0oaDLffhVUwg03Csn0mvfO98Wdd2bE= github.com/hashicorp/go-kms-wrapping/v2 v2.0.5/go.mod h1:sDQAfwJGv25uGPZA04x87ERglCG6avnRcBT9wYoMII8= @@ -762,6 +764,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/golang-lru/v2 v2.0.0 h1:Lf+9eD8m5pncvHAOCQj49GSN6aQI8XGfI5OpXNkoWaA= +github.com/hashicorp/golang-lru/v2 v2.0.0/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.1-0.20201016140508-a07e7d50bbee h1:8B4HqvMUtYSjsGkYjiQGStc9pXffY2J+Z2SPQAj+wMY= github.com/hashicorp/hcl v1.0.1-0.20201016140508-a07e7d50bbee/go.mod h1:gwlu9+/P9MmKtYrMsHeFRZPXj2CTPm11TDnMeaRHS7g= github.com/hashicorp/hcl/v2 v2.9.2-0.20220525143345-ab3cae0737bc h1:32lGaCPq5JPYNgFFTjl/cTIar9UWWxCbimCs5G2hMHg= 
@@ -1352,8 +1356,8 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1364,8 +1368,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20220921164117-439092de6870 h1:j8b6j9gzSigH28O5SjSpQSSh9lFd6f5D/q0aHjNTulc= -golang.org/x/exp v0.0.0-20220921164117-439092de6870/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= +golang.org/x/exp v0.0.0-20221215174704-0915cd710c24 h1:6w3iSY8IIkp5OQtbYj8NeuKG1jS9d+kYaubXqsoOiQ8= +golang.org/x/exp v0.0.0-20221215174704-0915cd710c24/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1393,8 +1397,9 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= +golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -1612,9 +1617,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= 
@@ -1707,8 +1711,9 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= +golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=