Use consul's stale reads by default

This commit is contained in:
Alex 2021-03-09 18:24:30 +01:00
parent b17e3fe3c7
commit dc3fd4df65
4 changed files with 42 additions and 22 deletions

56
main.go
View file

@ -34,24 +34,30 @@ const ATTR_MEMBER = "member"
const ATTR_USERPASSWORD = "userpassword"
type ConfigFile struct {
Suffix string `json:"suffix"`
Bind string `json:"bind"`
BindSecure string `json:"bind_secure"`
ConsulHost string `json:"consul_host"`
Acl []string `json:"acl"`
TLSCertFile string `json:"tls_cert_file"`
TLSKeyFile string `json:"tls_key_file"`
TLSServerName string `json:"tls_server_name"`
LogLevel string `json:"log_level"`
Suffix string `json:"suffix"`
Bind string `json:"bind"`
BindSecure string `json:"bind_secure"`
LogLevel string `json:"log_level"`
ConsulHost string `json:"consul_host"`
ConsulConsistent bool `json:"consul_force_consistency"`
Acl []string `json:"acl"`
TLSCertFile string `json:"tls_cert_file"`
TLSKeyFile string `json:"tls_key_file"`
TLSServerName string `json:"tls_server_name"`
}
type Config struct {
Suffix string
Bind string
BindSecure string
ConsulHost string
LogLevel log.Level
ConsulHost string
ConsulConsistent bool
Acl ACL
TLSConfig *tls.Config
@ -60,7 +66,9 @@ type Config struct {
type Server struct {
logger *log.Logger
config Config
kv *consul.KV
kv *consul.KV
readOpts consul.QueryOptions
}
type State struct {
@ -105,9 +113,12 @@ func readConfig(logger *log.Logger) Config {
Suffix: config_file.Suffix,
Bind: config_file.Bind,
BindSecure: config_file.BindSecure,
ConsulHost: config_file.ConsulHost,
Acl: acl,
LogLevel: log_level,
ConsulHost: config_file.ConsulHost,
ConsulConsistent: config_file.ConsulConsistent,
Acl: acl,
}
if config_file.TLSCertFile != "" && config_file.TLSKeyFile != "" && config_file.TLSServerName != "" {
@ -164,13 +175,22 @@ func main() {
if err != nil {
logger.Fatal(err)
}
kv := consul_client.KV()
readOpts := consul.QueryOptions{}
if config.ConsulConsistent {
logger.Info("Using consistent reads on Consul database, this may lead to performance degradation. Set \"consul_force_consistency\": false in your config file if you have performance issues.")
readOpts.RequireConsistent = true
} else {
readOpts.AllowStale = true
}
// Create bottin server
bottin := Server{
logger: logger,
config: config,
kv: kv,
logger: logger,
config: config,
kv: kv,
readOpts: readOpts,
}
err = bottin.init()
if err != nil {
@ -384,7 +404,7 @@ func (server *Server) getAttribute(dn string, attr string) ([]string, error) {
return nil, err
}
pairs, _, err := server.kv.List(path+"/attribute=", nil)
pairs, _, err := server.kv.List(path+"/attribute=", &server.readOpts)
if err != nil {
return nil, err
}
@ -409,7 +429,7 @@ func (server *Server) objectExists(dn string) (bool, error) {
return false, err
}
data, _, err := server.kv.List(prefix+"/attribute=", nil)
data, _, err := server.kv.List(prefix+"/attribute=", &server.readOpts)
if err != nil {
return false, err
}

View file

@ -72,7 +72,7 @@ func (server *Server) memberOfResync() error {
return err
}
data, _, err := server.kv.List(basePath, nil)
data, _, err := server.kv.List(basePath, &server.readOpts)
if err != nil {
return err
}

View file

@ -109,7 +109,7 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
basePath += "/"
}
data, _, err := server.kv.List(basePath, nil)
data, _, err := server.kv.List(basePath, &server.readOpts)
if err != nil {
return ldap.LDAPResultOperationsError, err
}

View file

@ -186,7 +186,7 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
return ldap.LDAPResultInvalidDNSyntax, err
}
items, _, err := server.kv.List(path+"/", nil)
items, _, err := server.kv.List(path+"/", &server.readOpts)
if err != nil {
return ldap.LDAPResultOperationsError, err
}
@ -299,7 +299,7 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
return ldap.LDAPResultInvalidDNSyntax, err
}
items, _, err := server.kv.List(path+"/attribute=", nil)
items, _, err := server.kv.List(path+"/attribute=", &server.readOpts)
if err != nil {
return ldap.LDAPResultOperationsError, err
}