From dc3fd4df659bb35d7858714a429fc797bf5f1222 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Tue, 9 Mar 2021 18:24:30 +0100
Subject: [PATCH] Use consul's stale reads by default

---
 main.go     | 56 ++++++++++++++++++++++++++++++++++++-----------------
 memberof.go |  2 +-
 read.go     |  2 +-
 write.go    |  4 ++--
 4 files changed, 42 insertions(+), 22 deletions(-)

diff --git a/main.go b/main.go
index 532c8c6..5f309bc 100644
--- a/main.go
+++ b/main.go
@@ -34,24 +34,30 @@ const ATTR_MEMBER = "member"
 const ATTR_USERPASSWORD = "userpassword"
 
 type ConfigFile struct {
-	Suffix        string   `json:"suffix"`
-	Bind          string   `json:"bind"`
-	BindSecure    string   `json:"bind_secure"`
-	ConsulHost    string   `json:"consul_host"`
-	Acl           []string `json:"acl"`
-	TLSCertFile   string   `json:"tls_cert_file"`
-	TLSKeyFile    string   `json:"tls_key_file"`
-	TLSServerName string   `json:"tls_server_name"`
-	LogLevel      string   `json:"log_level"`
+	Suffix     string `json:"suffix"`
+	Bind       string `json:"bind"`
+	BindSecure string `json:"bind_secure"`
+	LogLevel   string `json:"log_level"`
+
+	ConsulHost       string `json:"consul_host"`
+	ConsulConsistent bool   `json:"consul_force_consistency"`
+
+	Acl []string `json:"acl"`
+
+	TLSCertFile   string `json:"tls_cert_file"`
+	TLSKeyFile    string `json:"tls_key_file"`
+	TLSServerName string `json:"tls_server_name"`
 }
 
 type Config struct {
 	Suffix     string
 	Bind       string
 	BindSecure string
-	ConsulHost string
 	LogLevel   log.Level
 
+	ConsulHost       string
+	ConsulConsistent bool
+
 	Acl ACL
 
 	TLSConfig *tls.Config
@@ -60,7 +66,9 @@ type Config struct {
 type Server struct {
 	logger *log.Logger
 	config Config
-	kv     *consul.KV
+
+	kv       *consul.KV
+	readOpts consul.QueryOptions
 }
 
 type State struct {
@@ -105,9 +113,12 @@ func readConfig(logger *log.Logger) Config {
 		Suffix:     config_file.Suffix,
 		Bind:       config_file.Bind,
 		BindSecure: config_file.BindSecure,
-		ConsulHost: config_file.ConsulHost,
-		Acl:        acl,
 		LogLevel:   log_level,
+
+		ConsulHost:       config_file.ConsulHost,
+		ConsulConsistent: config_file.ConsulConsistent,
+
+		Acl: acl,
 	}
 
 	if config_file.TLSCertFile != "" && config_file.TLSKeyFile != "" && config_file.TLSServerName != "" {
@@ -164,13 +175,22 @@ func main() {
 	if err != nil {
 		logger.Fatal(err)
 	}
+
 	kv := consul_client.KV()
+	readOpts := consul.QueryOptions{}
+	if config.ConsulConsistent {
+		logger.Info("Using consistent reads on Consul database, this may lead to performance degradation. Set \"consul_force_consistency\": false in your config file if you have performance issues.")
+		readOpts.RequireConsistent = true
+	} else {
+		readOpts.AllowStale = true
+	}
 
 	// Create bottin server
 	bottin := Server{
-		logger: logger,
-		config: config,
-		kv:     kv,
+		logger:   logger,
+		config:   config,
+		kv:       kv,
+		readOpts: readOpts,
 	}
 	err = bottin.init()
 	if err != nil {
@@ -384,7 +404,7 @@ func (server *Server) getAttribute(dn string, attr string) ([]string, error) {
 		return nil, err
 	}
 
-	pairs, _, err := server.kv.List(path+"/attribute=", nil)
+	pairs, _, err := server.kv.List(path+"/attribute=", &server.readOpts)
 	if err != nil {
 		return nil, err
 	}
@@ -409,7 +429,7 @@ func (server *Server) objectExists(dn string) (bool, error) {
 		return false, err
 	}
 
-	data, _, err := server.kv.List(prefix+"/attribute=", nil)
+	data, _, err := server.kv.List(prefix+"/attribute=", &server.readOpts)
 	if err != nil {
 		return false, err
 	}
diff --git a/memberof.go b/memberof.go
index e07ed6c..786de4f 100644
--- a/memberof.go
+++ b/memberof.go
@@ -72,7 +72,7 @@ func (server *Server) memberOfResync() error {
 		return err
 	}
 
-	data, _, err := server.kv.List(basePath, nil)
+	data, _, err := server.kv.List(basePath, &server.readOpts)
 	if err != nil {
 		return err
 	}
diff --git a/read.go b/read.go
index 0868624..b139175 100644
--- a/read.go
+++ b/read.go
@@ -109,7 +109,7 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
 		basePath += "/"
 	}
 
-	data, _, err := server.kv.List(basePath, nil)
+	data, _, err := server.kv.List(basePath, &server.readOpts)
 	if err != nil {
 		return ldap.LDAPResultOperationsError, err
 	}
diff --git a/write.go b/write.go
index 3f0033f..41d00c6 100644
--- a/write.go
+++ b/write.go
@@ -186,7 +186,7 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
 		return ldap.LDAPResultInvalidDNSyntax, err
 	}
 
-	items, _, err := server.kv.List(path+"/", nil)
+	items, _, err := server.kv.List(path+"/", &server.readOpts)
 	if err != nil {
 		return ldap.LDAPResultOperationsError, err
 	}
@@ -299,7 +299,7 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
 		return ldap.LDAPResultInvalidDNSyntax, err
 	}
 
-	items, _, err := server.kv.List(path+"/attribute=", nil)
+	items, _, err := server.kv.List(path+"/attribute=", &server.readOpts)
 	if err != nil {
 		return ldap.LDAPResultOperationsError, err
 	}