v1.1.9

分支 (94)

标签 (731)

管理

管理

master

staging

release-24.3

release-24.1

release-24.2

release-23.1

release-23.2

release-24.3.1-rc

release-24.2.6-rc

blathers/backport-release-24.3-136159

blathers/backport-release-24.3-136140

release-24.3.0-rc

blathers/backport-release-23.2-136115

release-24.1.8-rc

release-23.2.17-rc

blathers/backport-release-24.1-135970

blathers/backport-release-24.2-135970

blathers/backport-release-24.3-135970

blathers/backport-release-24.3-135778

release-23.1.30-rc

@cockroachlabs/cluster-ui@24.3.3

v24.3.0-rc.1

v23.2.16

v23.2.15

v23.1.29

v24.1.7

v24.2.5

@cockroachlabs/cluster-ui@24.3.2

@cockroachlabs/cluster-ui@24.3.1

v24.3.0-beta.3

v23.2.14

v24.3.0-beta.2

@cockroachlabs/cluster-ui@24.3.0-prerelease.4

@cockroachlabs/cluster-ui@23.2.10

@cockroachlabs/cluster-ui@24.1.4

@cockroachlabs/cluster-ui@24.2.2

v24.3.0-beta.1

@cockroachlabs/cluster-ui@24.3.0-prerelease.3

@cockroachlabs/cluster-ui@24.3.0-prerelease.2

@cockroachlabs/cluster-ui@24.3.0-prerelease.1

cockroach
/
pkg
/
cli
/
user.go

// Copyright 2015 The Cockroach Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied. See the License for the specific language governing
// permissions and limitations under the License.

package cli

import (
	"os"

	"github.com/spf13/cobra"

	"github.com/cockroachdb/cockroach/pkg/security"
	"github.com/cockroachdb/cockroach/pkg/sql"
)

var password bool

// A getUserCmd command displays the config for the specified username.
var getUserCmd = &cobra.Command{
	Use:   "get [options] <username>",
	Short: "fetches and displays a user",
	Long: `
Fetches and displays the user for <username>.
`,
	RunE: MaybeDecorateGRPCError(runGetUser),
}

func runGetUser(cmd *cobra.Command, args []string) error {
	if len(args) != 1 {
		return usageAndError(cmd)
	}
	conn, err := getPasswordAndMakeSQLClient()
	if err != nil {
		return err
	}
	defer conn.Close()
	return runQueryAndFormatResults(conn, os.Stdout,
		makeQuery(`SELECT * FROM system.users WHERE username=$1`, args[0]))
}

// A lsUsersCmd command displays a list of users.
var lsUsersCmd = &cobra.Command{
	Use:   "ls [options]",
	Short: "list all users",
	Long: `
List all users.
`,
	RunE: MaybeDecorateGRPCError(runLsUsers),
}

func runLsUsers(cmd *cobra.Command, args []string) error {
	if len(args) > 0 {
		return usageAndError(cmd)
	}
	conn, err := getPasswordAndMakeSQLClient()
	if err != nil {
		return err
	}
	defer conn.Close()
	return runQueryAndFormatResults(conn, os.Stdout,
		makeQuery(`SELECT username FROM system.users`))
}

// A rmUserCmd command removes the user for the specified username.
var rmUserCmd = &cobra.Command{
	Use:   "rm [options] <username>",
	Short: "remove a user",
	Long: `
Remove an existing user by username.
`,
	RunE: MaybeDecorateGRPCError(runRmUser),
}

func runRmUser(cmd *cobra.Command, args []string) error {
	if len(args) != 1 {
		return usageAndError(cmd)
	}
	conn, err := getPasswordAndMakeSQLClient()
	if err != nil {
		return err
	}
	defer conn.Close()
	return runQueryAndFormatResults(conn, os.Stdout,
		makeQuery(`DELETE FROM system.users WHERE username=$1`, args[0]))
}

// A setUserCmd command creates a new or updates an existing user.
var setUserCmd = &cobra.Command{
	Use:   "set [options] <username>",
	Short: "create or update a user",
	Long: `
Create or update a user for the specified username, prompting
for the password.

Valid usernames contain 1 to 63 alphanumeric characters. They must
begin with either a letter or an underscore. Subsequent characters
may be letters, numbers, or underscores.
`,
	RunE: MaybeDecorateGRPCError(runSetUser),
}

// runSetUser prompts for a password, then inserts the user and hash
// into the system.users table.
// TODO(marc): once we have more fields in the user, we will need
// to allow changing just some of them (eg: change email, but leave password).
func runSetUser(cmd *cobra.Command, args []string) error {
	if len(args) != 1 {
		return usageAndError(cmd)
	}
	var err error
	var username string
	if username, err = sql.NormalizeAndValidateUsername(args[0]); err != nil {
		return err
	}
	var hashed []byte
	if password {
		if hashed, err = security.PromptForPasswordAndHash(); err != nil {
			return err
		}
	}

	conn, err := getPasswordAndMakeSQLClient()
	if err != nil {
		return err
	}
	defer conn.Close()
	// TODO(asubiotto): Implement appropriate server-side authorization rules
	// for users to be able to change their own passwords.
	return runQueryAndFormatResults(conn, os.Stdout,
		makeQuery(`UPSERT INTO system.users VALUES ($1, $2)`, username, hashed))
}

var userCmds = []*cobra.Command{
	getUserCmd,
	lsUsersCmd,
	rmUserCmd,
	setUserCmd,
}

var userCmd = &cobra.Command{
	Use:   "user",
	Short: "get, set, list and remove users",
	RunE: func(cmd *cobra.Command, args []string) error {
		return cmd.Usage()
	},
}

func init() {
	userCmd.AddCommand(userCmds...)
}