-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathauth.go
75 lines (62 loc) · 1.59 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package client
import (
"strings"
"go.etcd.io/etcd/api/v3/authpb"
clientv3 "go.etcd.io/etcd/client/v3"
)
func (clt *EtcdHRCHYClient) permPath(key string) (string, error) {
if key != "0" && !strings.HasPrefix(key, "/") {
return "", ErrorInvalidKey
}
return clt.rootKey + key, nil
}
func (clt *EtcdHRCHYClient) RoleGrantPermission(name string, key, rangeEnd string, ty clientv3.PermissionType) error {
key, err := clt.permPath(key)
if err != nil {
return err
}
// rangeEnd == "" means only set key
if rangeEnd != "" {
rangeEnd, err = clt.permPath(rangeEnd)
if err != nil {
return err
}
}
_, err = clt.client.RoleGrantPermission(clt.ctx, name, key, rangeEnd, ty)
return err
}
type Perm struct {
PermType string `json:"perm_type"`
Key string `json:"key"`
RangeEnd string `json:"range_end"`
}
func (clt *EtcdHRCHYClient) GetRolePerms(name string) ([]*Perm, error) {
resp, err := clt.client.RoleGet(clt.ctx, name)
if err != nil {
return nil, err
}
perms := []*Perm{}
for _, p := range resp.Perm {
perm := &Perm{
Key: clt.trimRootKey(string(p.Key)),
RangeEnd: clt.trimRootKey(string(p.RangeEnd)),
PermType: authpb.Permission_Type_name[int32(p.PermType)],
}
perms = append(perms, perm)
}
return perms, nil
}
func (clt *EtcdHRCHYClient) RoleRevokePermission(name string, key, rangeEnd string) error {
key, _, err := clt.ensureKey(key)
if err != nil {
return err
}
if rangeEnd != "" {
rangeEnd, _, err = clt.ensureKey(rangeEnd)
if err != nil {
return err
}
}
_, err = clt.client.RoleRevokePermission(clt.ctx, name, key, rangeEnd)
return err
}