// Get Roles Settings on Etcd instance
func getConfigRoles(c client.Client) []client.Role {
r := ParametriClusters{}
rapi := client.NewAuthRoleAPI(c)
role, err := rapi.ListRoles(context.Background())
if err != nil {
log.Printf(err.Error())
} else {
log.Printf("Ruoli:\n")
for _, value := range role {
log.Printf("%v\n", value)
cr := client.Role{}
cr.Role = value
role, err := rapi.GetRole(context.Background(), cr.Role)
if err != nil {
log.Printf(err.Error())
} else {
log.Printf("Ruoli: %v\n\t e Permessi:\n Read: %v\n\t Write: %v\n\t", role.Role, role.Permissions.KV.Read, role.Permissions.KV.Write)
}
cr.Permissions.KV.Read = role.Permissions.KV.Read
cr.Permissions.KV.Write = role.Permissions.KV.Write
r.RoleConfig = append(r.RoleConfig, cr)
}
}
return r.RoleConfig
}
// Add a Role on Etcd
func EtcdAddRole(c client.Client, role client.Role) (string, string) {
rapi := client.NewAuthRoleAPI(c)
err := rapi.AddRole(context.Background(), role.Role)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
_, err = rapi.GrantRoleKV(context.Background(), role.Role, role.Permissions.KV.Read, client.ReadPermission)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
_, err = rapi.GrantRoleKV(context.Background(), role.Role, role.Permissions.KV.Write, client.WritePermission)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
return SUCCESS_ROLE, ""
}
func mustNewAuthRoleAPI(c *cli.Context) client.AuthRoleAPI {
hc := mustNewClient(c)
if c.GlobalBool("debug") {
fmt.Fprintf(os.Stderr, "Cluster-Endpoints: %s\n", strings.Join(hc.Endpoints(), ", "))
}
return client.NewAuthRoleAPI(hc)
}
// Change Etcd Role Permissions
func EtcdChangeRolePermissions(c client.Client, role client.Role,
roleReadPermissionsBegin, roleWritePermissionsBegin,
roleReadPermissionsEnd, roleWritePermissionsEnd string) (string, string) {
rapi := client.NewAuthRoleAPI(c)
grantReadPermissions := getGrant(roleReadPermissionsBegin, roleReadPermissionsEnd)
if len(grantReadPermissions) > 0 {
_, err := rapi.GrantRoleKV(context.Background(), role.Role, grantReadPermissions, client.ReadPermission)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
}
revokeReadPermissions := getRevoke(roleReadPermissionsBegin, roleReadPermissionsEnd)
if len(revokeReadPermissions) > 0 {
_, err := rapi.RevokeRoleKV(context.Background(), role.Role, revokeReadPermissions, client.ReadPermission)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
}
grantWritePermissions := getGrant(roleWritePermissionsBegin, roleWritePermissionsEnd)
if len(grantWritePermissions) > 0 {
_, err := rapi.GrantRoleKV(context.Background(), role.Role, grantWritePermissions, client.WritePermission)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
}
revokeWritePermissions := getRevoke(roleWritePermissionsBegin, roleWritePermissionsEnd)
if len(revokeWritePermissions) > 0 {
_, err := rapi.RevokeRoleKV(context.Background(), role.Role, revokeWritePermissions, client.WritePermission)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
}
return SUCCESS_CHANGE_PERMISSION, ""
}
// Delete Etcd Role
func EtcdDeleteRole(c client.Client, role client.Role) (string, string) {
rapi := client.NewAuthRoleAPI(c)
etcdRevokeUserRelationshipRole(c, role)
err := rapi.RemoveRole(context.Background(), role.Role)
if err != nil {
log.Printf("Errore: " + err.Error())
return "", err.Error()
}
log.Printf("Ruolo rimosso con successo")
return SUCCESS_DELETE_ROLE, ""
}
// New constructs a new kvdb.Kvdb.
func New(
domain string,
machines []string,
options map[string]string,
fatalErrorCb kvdb.FatalErrorCB,
) (kvdb.Kvdb, error) {
if len(machines) == 0 {
machines = defaultMachines
}
etcdCommon := ec.NewEtcdCommon(options)
tls, username, password, err := etcdCommon.GetAuthInfoFromOptions()
if err != nil {
return nil, err
}
tr, err := transport.NewTransport(tls, ec.DefaultDialTimeout)
if err != nil {
return nil, err
}
cfg := e.Config{
Endpoints: machines,
Transport: tr,
Username: username,
Password: password,
// The time required for a request to fail - 30 sec
HeaderTimeoutPerRequest: time.Duration(10) * time.Second,
}
c, err := e.New(cfg)
if err != nil {
return nil, err
}
if domain != "" && !strings.HasSuffix(domain, "/") {
domain = domain + "/"
}
return &etcdKV{
common.BaseKvdb{FatalCb: fatalErrorCb},
e.NewKeysAPI(c),
e.NewAuthUserAPI(c),
e.NewAuthRoleAPI(c),
domain,
etcdCommon,
}, nil
}
