登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

流小强 / clientv3

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
role_commands.go 6.08 KB
一键复制 编辑 原始数据 按行查看 历史
流小强 提交于 2020-03-22 17:56 . etcdv3
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255
// Copyright 2015 The etcd Authors

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//     http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.



package command



import (

	"fmt"

	"os"

	"reflect"

	"strings"



	"github.com/urfave/cli"

	"go.etcd.io/etcd/client"

	"go.etcd.io/etcd/pkg/pathutil"

)



func NewRoleCommands() cli.Command {

	return cli.Command{

		Name:  "role",

		Usage: "role add, grant and revoke subcommands",

		Subcommands: []cli.Command{

			{

				Name:      "add",

				Usage:     "add a new role for the etcd cluster",

				ArgsUsage: "<role> ",

				Action:    actionRoleAdd,

			},

			{

				Name:      "get",

				Usage:     "get details for a role",

				ArgsUsage: "<role>",

				Action:    actionRoleGet,

			},

			{

				Name:      "list",

				Usage:     "list all roles",

				ArgsUsage: " ",

				Action:    actionRoleList,

			},

			{

				Name:      "remove",

				Usage:     "remove a role from the etcd cluster",

				ArgsUsage: "<role>",

				Action:    actionRoleRemove,

			},

			{

				Name:      "grant",

				Usage:     "grant path matches to an etcd role",

				ArgsUsage: "<role>",

				Flags: []cli.Flag{

					cli.StringFlag{Name: "path", Value: "", Usage: "Path granted for the role to access"},

					cli.BoolFlag{Name: "read", Usage: "Grant read-only access"},

					cli.BoolFlag{Name: "write", Usage: "Grant write-only access"},

					cli.BoolFlag{Name: "readwrite, rw", Usage: "Grant read-write access"},

				},

				Action: actionRoleGrant,

			},

			{

				Name:      "revoke",

				Usage:     "revoke path matches for an etcd role",

				ArgsUsage: "<role>",

				Flags: []cli.Flag{

					cli.StringFlag{Name: "path", Value: "", Usage: "Path revoked for the role to access"},

					cli.BoolFlag{Name: "read", Usage: "Revoke read access"},

					cli.BoolFlag{Name: "write", Usage: "Revoke write access"},

					cli.BoolFlag{Name: "readwrite, rw", Usage: "Revoke read-write access"},

				},

				Action: actionRoleRevoke,

			},

		},

	}

}



func mustNewAuthRoleAPI(c *cli.Context) client.AuthRoleAPI {

	hc := mustNewClient(c)



	if c.GlobalBool("debug") {

		fmt.Fprintf(os.Stderr, "Cluster-Endpoints: %s\n", strings.Join(hc.Endpoints(), ", "))

	}



	return client.NewAuthRoleAPI(hc)

}



func actionRoleList(c *cli.Context) error {

	if len(c.Args()) != 0 {

		fmt.Fprintln(os.Stderr, "No arguments accepted")

		os.Exit(1)

	}

	r := mustNewAuthRoleAPI(c)

	ctx, cancel := contextWithTotalTimeout(c)

	roles, err := r.ListRoles(ctx)

	cancel()

	if err != nil {

		fmt.Fprintln(os.Stderr, err.Error())

		os.Exit(1)

	}



	for _, role := range roles {

		fmt.Printf("%s\n", role)

	}



	return nil

}



func actionRoleAdd(c *cli.Context) error {

	api, role := mustRoleAPIAndName(c)

	ctx, cancel := contextWithTotalTimeout(c)

	defer cancel()

	currentRole, _ := api.GetRole(ctx, role)

	if currentRole != nil {

		fmt.Fprintf(os.Stderr, "Role %s already exists\n", role)

		os.Exit(1)

	}



	err := api.AddRole(ctx, role)

	if err != nil {

		fmt.Fprintln(os.Stderr, err.Error())

		os.Exit(1)

	}



	fmt.Printf("Role %s created\n", role)

	return nil

}



func actionRoleRemove(c *cli.Context) error {

	api, role := mustRoleAPIAndName(c)

	ctx, cancel := contextWithTotalTimeout(c)

	err := api.RemoveRole(ctx, role)

	cancel()

	if err != nil {

		fmt.Fprintln(os.Stderr, err.Error())

		os.Exit(1)

	}



	fmt.Printf("Role %s removed\n", role)

	return nil

}



func actionRoleGrant(c *cli.Context) error {

	roleGrantRevoke(c, true)

	return nil

}



func actionRoleRevoke(c *cli.Context) error {

	roleGrantRevoke(c, false)

	return nil

}



func roleGrantRevoke(c *cli.Context, grant bool) {

	path := c.String("path")

	if path == "" {

		fmt.Fprintln(os.Stderr, "No path specified; please use `--path`")

		os.Exit(1)

	}

	if pathutil.CanonicalURLPath(path) != path {

		fmt.Fprintf(os.Stderr, "Not canonical path; please use `--path=%s`\n", pathutil.CanonicalURLPath(path))

		os.Exit(1)

	}



	read := c.Bool("read")

	write := c.Bool("write")

	rw := c.Bool("readwrite")

	permcount := 0

	for _, v := range []bool{read, write, rw} {

		if v {

			permcount++

		}

	}

	if permcount != 1 {

		fmt.Fprintln(os.Stderr, "Please specify exactly one of --read, --write or --readwrite")

		os.Exit(1)

	}

	var permType client.PermissionType

	switch {

	case read:

		permType = client.ReadPermission

	case write:

		permType = client.WritePermission

	case rw:

		permType = client.ReadWritePermission

	}



	api, role := mustRoleAPIAndName(c)

	ctx, cancel := contextWithTotalTimeout(c)

	defer cancel()

	currentRole, err := api.GetRole(ctx, role)

	if err != nil {

		fmt.Fprintln(os.Stderr, err.Error())

		os.Exit(1)

	}

	var newRole *client.Role

	if grant {

		newRole, err = api.GrantRoleKV(ctx, role, []string{path}, permType)

	} else {

		newRole, err = api.RevokeRoleKV(ctx, role, []string{path}, permType)

	}

	if err != nil {

		fmt.Fprintln(os.Stderr, err.Error())

		os.Exit(1)

	}

	if reflect.DeepEqual(newRole, currentRole) {

		if grant {

			fmt.Printf("Role unchanged; already granted")

		} else {

			fmt.Printf("Role unchanged; already revoked")

		}

	}



	fmt.Printf("Role %s updated\n", role)

}



func actionRoleGet(c *cli.Context) error {

	api, rolename := mustRoleAPIAndName(c)



	ctx, cancel := contextWithTotalTimeout(c)

	role, err := api.GetRole(ctx, rolename)

	cancel()

	if err != nil {

		fmt.Fprintln(os.Stderr, err.Error())

		os.Exit(1)

	}

	fmt.Printf("Role: %s\n", role.Role)

	fmt.Printf("KV Read:\n")

	for _, v := range role.Permissions.KV.Read {

		fmt.Printf("\t%s\n", v)

	}

	fmt.Printf("KV Write:\n")

	for _, v := range role.Permissions.KV.Write {

		fmt.Printf("\t%s\n", v)

	}

	return nil

}



func mustRoleAPIAndName(c *cli.Context) (client.AuthRoleAPI, string) {

	args := c.Args()

	if len(args) != 1 {

		fmt.Fprintln(os.Stderr, "Please provide a role name")

		os.Exit(1)

	}



	name := args[0]

	api := mustNewAuthRoleAPI(c)

	return api, name

}
1
https://gitee.com/liuzhiqiang9696/clientv3.git
git@gitee.com:liuzhiqiang9696/clientv3.git
liuzhiqiang9696
clientv3
clientv3
518322da16f5
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部