// Get User Settings on etcd instance
func getConfigUsers(c client.Client) []client.User {
u := ParametriClusters{}
uapi := client.NewAuthUserAPI(c)
users, err := uapi.ListUsers(context.Background())
if err != nil {
log.Printf(err.Error())
} else {
log.Printf("Utenti:\n")
for _, value := range users {
log.Printf("%v\n", value)
cu := client.User{}
cu.User = value
user, _ := uapi.GetUser(context.Background(), cu.User)
if err != nil {
log.Printf(err.Error())
} else {
log.Printf("Utente: %v\n\t e Ruoli: %v", user.User, user.Roles)
cu.Roles = user.Roles
}
u.UserConfig = append(u.UserConfig, cu)
}
}
return u.UserConfig
}
// function that revoke the role (that will be deleted) from users
func etcdRevokeUserRelationshipRole(c client.Client, role client.Role) {
uapi := client.NewAuthUserAPI(c)
users, err := uapi.ListUsers(context.Background())
if err != nil {
log.Printf(err.Error())
} else {
log.Printf("Utenti:\n")
for _, value := range users {
log.Printf("%v\n", value)
user, err := uapi.GetUser(context.Background(), value)
if err != nil {
log.Printf(err.Error())
} else {
log.Printf("Utente: %v\n\t e Ruoli: %v", user.User, user.Roles)
for _, v := range user.Roles {
if v == role.Role {
_, err = uapi.RevokeUser(context.Background(), user.User, []string{role.Role})
if err != nil {
log.Printf("Errore: %v", err)
}
}
}
}
}
}
}
// Change Etcd User Password
func EtcdChangeUser(c client.Client, utente client.User, userRolesBegin, userRolesEnd string) (string, string) {
uapi := client.NewAuthUserAPI(c)
if utente.Password > "" {
_, err := uapi.ChangePassword(context.Background(), utente.User, utente.Password)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
}
grantRoles := getGrant(userRolesBegin, userRolesEnd)
if len(grantRoles) > 0 {
_, err := uapi.GrantUser(context.Background(), utente.User, grantRoles)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
}
revokeRoles := getRevoke(userRolesBegin, userRolesEnd)
if len(revokeRoles) > 0 {
_, err := uapi.RevokeUser(context.Background(), utente.User, revokeRoles)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
}
return SUCCESS_USER_UPDATE, ""
}
// Add an User on Etcd
func EtcdAddUser(c client.Client, utente client.User) (string, string) {
uapi := client.NewAuthUserAPI(c)
err := uapi.AddUser(context.Background(), utente.User, utente.Password)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
if utente.User == "root" {
aapi := client.NewAuthAPI(c)
err = aapi.Enable(context.Background())
if err != nil {
log.Fatal("Errore: %v", err)
}
return SUCCESS_ADMIN, ""
}
if len(utente.Roles) > 0 {
_, err = uapi.GrantUser(context.Background(), utente.User, utente.Roles)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
}
return SUCCESS_USER, ""
}
func mustNewAuthUserAPI(c *cli.Context) client.AuthUserAPI {
hc := mustNewClient(c)
if c.GlobalBool("debug") {
fmt.Fprintf(os.Stderr, "Cluster-Endpoints: %s\n", strings.Join(hc.Endpoints(), ", "))
}
return client.NewAuthUserAPI(hc)
}
// Check if the user that trying login is ad admin
func CheckLoginAdmin(utente client.User) bool {
c := GetEtcdAuthClient(utente)
auth := client.NewAuthUserAPI(c)
_, err := auth.GetUser(context.Background(), utente.User)
if err != nil {
return false
}
return true
}
// Delete Etcd User
func EtcdDeleteUser(c client.Client, utente client.User) (string, string) {
uapi := client.NewAuthUserAPI(c)
err := uapi.RemoveUser(context.Background(), utente.User)
if err != nil {
log.Printf("Errore: %v", err)
return "", err.Error()
}
log.Printf("Utente rimosso con successo")
return SUCCESS_DELETE_USER, ""
}
// Check Etcd Admin
func CheckEtcdAdminNotExist(utente client.User) bool {
c := GetEtcdClient()
auth := client.NewAuthUserAPI(c)
_, err := auth.GetUser(context.Background(), utente.User)
if err != nil {
if /*strings.Contains(err.Error(), ERRORE_LOGIN) ||*/
strings.Contains(err.Error(), ERRORE_ADMIN) {
return true
}
}
return false
}
// New constructs a new kvdb.Kvdb.
func New(
domain string,
machines []string,
options map[string]string,
fatalErrorCb kvdb.FatalErrorCB,
) (kvdb.Kvdb, error) {
if len(machines) == 0 {
machines = defaultMachines
}
etcdCommon := ec.NewEtcdCommon(options)
tls, username, password, err := etcdCommon.GetAuthInfoFromOptions()
if err != nil {
return nil, err
}
tr, err := transport.NewTransport(tls, ec.DefaultDialTimeout)
if err != nil {
return nil, err
}
cfg := e.Config{
Endpoints: machines,
Transport: tr,
Username: username,
Password: password,
// The time required for a request to fail - 30 sec
HeaderTimeoutPerRequest: time.Duration(10) * time.Second,
}
c, err := e.New(cfg)
if err != nil {
return nil, err
}
if domain != "" && !strings.HasSuffix(domain, "/") {
domain = domain + "/"
}
return &etcdKV{
common.BaseKvdb{FatalCb: fatalErrorCb},
e.NewKeysAPI(c),
e.NewAuthUserAPI(c),
e.NewAuthRoleAPI(c),
domain,
etcdCommon,
}, nil
}