// Get User Settings on etcd instance
func getConfigUsers(c client.Client) []client.User {
	u := ParametriClusters{}

	uapi := client.NewAuthUserAPI(c)

	users, err := uapi.ListUsers(context.Background())
	if err != nil {
		log.Printf(err.Error())
	} else {
		log.Printf("Utenti:\n")

		for _, value := range users {
			log.Printf("%v\n", value)

			cu := client.User{}

			cu.User = value

			user, _ := uapi.GetUser(context.Background(), cu.User)
			if err != nil {
				log.Printf(err.Error())
			} else {
				log.Printf("Utente: %v\n\t e Ruoli: %v", user.User, user.Roles)
				cu.Roles = user.Roles
			}

			u.UserConfig = append(u.UserConfig, cu)
		}
	}

	return u.UserConfig
}
// function that revoke the role (that will be deleted) from users
func etcdRevokeUserRelationshipRole(c client.Client, role client.Role) {

	uapi := client.NewAuthUserAPI(c)

	users, err := uapi.ListUsers(context.Background())

	if err != nil {
		log.Printf(err.Error())
	} else {
		log.Printf("Utenti:\n")

		for _, value := range users {
			log.Printf("%v\n", value)

			user, err := uapi.GetUser(context.Background(), value)
			if err != nil {
				log.Printf(err.Error())
			} else {
				log.Printf("Utente: %v\n\t e Ruoli: %v", user.User, user.Roles)

				for _, v := range user.Roles {
					if v == role.Role {
						_, err = uapi.RevokeUser(context.Background(), user.User, []string{role.Role})
						if err != nil {
							log.Printf("Errore: %v", err)
						}
					}
				}
			}
		}
	}
}
// Change Etcd User Password
func EtcdChangeUser(c client.Client, utente client.User, userRolesBegin, userRolesEnd string) (string, string) {

	uapi := client.NewAuthUserAPI(c)

	if utente.Password > "" {
		_, err := uapi.ChangePassword(context.Background(), utente.User, utente.Password)

		if err != nil {
			log.Printf("Errore: %v", err)
			return "", err.Error()
		}
	}

	grantRoles := getGrant(userRolesBegin, userRolesEnd)

	if len(grantRoles) > 0 {
		_, err := uapi.GrantUser(context.Background(), utente.User, grantRoles)
		if err != nil {
			log.Printf("Errore: %v", err)
			return "", err.Error()
		}
	}

	revokeRoles := getRevoke(userRolesBegin, userRolesEnd)

	if len(revokeRoles) > 0 {
		_, err := uapi.RevokeUser(context.Background(), utente.User, revokeRoles)
		if err != nil {
			log.Printf("Errore: %v", err)
			return "", err.Error()
		}
	}

	return SUCCESS_USER_UPDATE, ""
}
// Add an User on Etcd
func EtcdAddUser(c client.Client, utente client.User) (string, string) {

	uapi := client.NewAuthUserAPI(c)

	err := uapi.AddUser(context.Background(), utente.User, utente.Password)

	if err != nil {
		log.Printf("Errore: %v", err)
		return "", err.Error()
	}

	if utente.User == "root" {
		aapi := client.NewAuthAPI(c)
		err = aapi.Enable(context.Background())
		if err != nil {
			log.Fatal("Errore: %v", err)
		}

		return SUCCESS_ADMIN, ""
	}

	if len(utente.Roles) > 0 {
		_, err = uapi.GrantUser(context.Background(), utente.User, utente.Roles)

		if err != nil {
			log.Printf("Errore: %v", err)
			return "", err.Error()
		}
	}

	return SUCCESS_USER, ""
}
Esempio n. 5
0
func mustNewAuthUserAPI(c *cli.Context) client.AuthUserAPI {
	hc := mustNewClient(c)

	if c.GlobalBool("debug") {
		fmt.Fprintf(os.Stderr, "Cluster-Endpoints: %s\n", strings.Join(hc.Endpoints(), ", "))
	}

	return client.NewAuthUserAPI(hc)
}
// Check if the user that trying login is ad admin
func CheckLoginAdmin(utente client.User) bool {
	c := GetEtcdAuthClient(utente)

	auth := client.NewAuthUserAPI(c)

	_, err := auth.GetUser(context.Background(), utente.User)

	if err != nil {
		return false
	}

	return true
}
// Delete Etcd User
func EtcdDeleteUser(c client.Client, utente client.User) (string, string) {
	uapi := client.NewAuthUserAPI(c)

	err := uapi.RemoveUser(context.Background(), utente.User)
	if err != nil {
		log.Printf("Errore: %v", err)
		return "", err.Error()
	}

	log.Printf("Utente rimosso con successo")

	return SUCCESS_DELETE_USER, ""
}
// Check Etcd Admin
func CheckEtcdAdminNotExist(utente client.User) bool {

	c := GetEtcdClient()

	auth := client.NewAuthUserAPI(c)

	_, err := auth.GetUser(context.Background(), utente.User)

	if err != nil {
		if /*strings.Contains(err.Error(), ERRORE_LOGIN) ||*/
		strings.Contains(err.Error(), ERRORE_ADMIN) {
			return true
		}
	}
	return false
}
Esempio n. 9
0
// New constructs a new kvdb.Kvdb.
func New(
	domain string,
	machines []string,
	options map[string]string,
	fatalErrorCb kvdb.FatalErrorCB,
) (kvdb.Kvdb, error) {
	if len(machines) == 0 {
		machines = defaultMachines
	}

	etcdCommon := ec.NewEtcdCommon(options)
	tls, username, password, err := etcdCommon.GetAuthInfoFromOptions()
	if err != nil {
		return nil, err
	}
	tr, err := transport.NewTransport(tls, ec.DefaultDialTimeout)
	if err != nil {
		return nil, err
	}
	cfg := e.Config{
		Endpoints: machines,
		Transport: tr,
		Username:  username,
		Password:  password,
		// The time required for a request to fail - 30 sec
		HeaderTimeoutPerRequest: time.Duration(10) * time.Second,
	}
	c, err := e.New(cfg)
	if err != nil {
		return nil, err
	}
	if domain != "" && !strings.HasSuffix(domain, "/") {
		domain = domain + "/"
	}
	return &etcdKV{
		common.BaseKvdb{FatalCb: fatalErrorCb},
		e.NewKeysAPI(c),
		e.NewAuthUserAPI(c),
		e.NewAuthRoleAPI(c),
		domain,
		etcdCommon,
	}, nil
}