Home Explore Help
Register Sign In
publics
/
etcd-io__etcd
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #7958 from heyitsanthony/perm-prefix

etcdctl: improve role --prefix flag
Anthony Romano 8 years ago
parent
378bac79e1 2f1467cb27
commit
f75e333264
2 changed files with 53 additions and 32 deletions
Split View Show Diff Stats
  1. 18 1
      etcdctl/README.md
  2. 35 31
      etcdctl/ctlv3/command/role_command.go

+ 18 - 1
etcdctl/README.md
View File 

@@ -961,25 +961,42 @@ RPC: RoleGrantPermission
 
 
 #### Options
 
 
+- from-key -- grant a permission of keys that are greater than or equal to the given key using byte compare
 
+
 
 - prefix -- grant a prefix permission
 
 
-#### Ouptut
 
+#### Output
 
 
 `Role <role name> updated`.
 
 
 #### Examples
 
 
+Grant read and write permission on the key `foo` to role `myrole`:
 
+
 
 ```bash
 
 ./etcdctl --user=root:123 role grant-permission myrole readwrite foo
 
 # Role myrole updated
 
 ```
 
 
+Grant read permission on the wildcard key pattern `foo/*` to role `myrole`:
 
+
 
+```bash
 
+./etcdctl --user=root:123 role grant-permission --prefix myrole readwrite foo/
 
+# Role myrole updated
 
+```
 
+
 
 ### ROLE REVOKE-PERMISSION \<role name\> \<permission type\> \<key\> [endkey]
 
 
 `role revoke-permission` revokes a key from a role.
 
 
 RPC: RoleRevokePermission
 
 
+#### Options
 
+
 
+- from-key -- revoke a permission of keys that are greater than or equal to the given key using byte compare
 
+
 
+- prefix -- revoke a prefix permission
 
+
 
 #### Output
 
 
 `Permission of key <key> is revoked from role <role name>` for single key. `Permission of range [<key>, <endkey>) is revoked from role <role name>` for a key range. Exit code is zero.

+ 35 - 31
etcdctl/ctlv3/command/role_command.go
View File 

@@ -23,8 +23,8 @@ import (
 
 )
 
 
 var (
 
-	grantPermissionPrefix bool
 
-	permFromKey           bool
 
+	rolePermPrefix  bool
 
+	rolePermFromKey bool
 
 )
 
 
 // NewRoleCommand returns the cobra command for "role".
 
@@ -83,8 +83,8 @@ func newRoleGrantPermissionCommand() *cobra.Command {
 
 		Run:   roleGrantPermissionCommandFunc,
 
 	}
 
 
-	cmd.Flags().BoolVar(&grantPermissionPrefix, "prefix", false, "grant a prefix permission")
 
-	cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
 
+	cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "grant a prefix permission")
 
+	cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
 
 
 	return cmd
 
 }
 
@@ -96,7 +96,8 @@ func newRoleRevokePermissionCommand() *cobra.Command {
 
 		Run:   roleRevokePermissionCommandFunc,
 
 	}
 
 
-	cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
 
+	cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "revoke a prefix permission")
 
+	cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "revoke a permission of keys that are greater than or equal to the given key using byte compare")
 
 
 	return cmd
 
 }
 
@@ -169,27 +170,10 @@ func roleGrantPermissionCommandFunc(cmd *cobra.Command, args []string) {
 
 		ExitWithError(ExitBadArgs, err)
 
 	}
 
 
-	rangeEnd := ""
 
-	if 4 <= len(args) {
 
-		if grantPermissionPrefix {
 
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --prefix option and range end to grant permission command"))
 
-		}
 
-
 
-		if permFromKey {
 
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and range end to grant permission command"))
 
-		}
 
-
 
-		rangeEnd = args[3]
 
-	} else if grantPermissionPrefix {
 
-		if permFromKey {
 
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and --prefix option to grant permission command"))
 
-		}
 
-
 
-		rangeEnd = clientv3.GetPrefixRangeEnd(args[2])
 
-	} else if permFromKey {
 
-		rangeEnd = "\x00"
 
+	rangeEnd, rerr := rangeEndFromPermFlags(args[2:])
 
+	if rerr != nil {
 
+		ExitWithError(ExitBadArgs, rerr)
 
 	}
 
-
 
 	resp, err := mustClientFromCmd(cmd).Auth.RoleGrantPermission(context.TODO(), args[0], args[2], rangeEnd, perm)
 
 	if err != nil {
 
 		ExitWithError(ExitError, err)
 
@@ -204,16 +188,36 @@ func roleRevokePermissionCommandFunc(cmd *cobra.Command, args []string) {
 
 		ExitWithError(ExitBadArgs, fmt.Errorf("role revoke-permission command requires role name and key [endkey] as its argument."))
 
 	}
 
 
-	rangeEnd := ""
 
-	if 3 <= len(args) {
 
-		rangeEnd = args[2]
 
-	} else if permFromKey {
 
-		rangeEnd = "\x00"
 
+	rangeEnd, rerr := rangeEndFromPermFlags(args[1:])
 
+	if rerr != nil {
 
+		ExitWithError(ExitBadArgs, rerr)
 
 	}
 
-
 
 	resp, err := mustClientFromCmd(cmd).Auth.RoleRevokePermission(context.TODO(), args[0], args[1], rangeEnd)
 
 	if err != nil {
 
 		ExitWithError(ExitError, err)
 
 	}
 
 	display.RoleRevokePermission(args[0], args[1], rangeEnd, *resp)
 
 }
 
+
 
+func rangeEndFromPermFlags(args []string) (string, error) {
 
+	if len(args) == 1 {
 
+		if rolePermPrefix {
 
+			if rolePermFromKey {
 
+				return "", fmt.Errorf("--from-key and --prefix flags are mutually exclusive")
 
+			}
 
+			return clientv3.GetPrefixRangeEnd(args[0]), nil
 
+		}
 
+		if rolePermFromKey {
 
+			return "\x00", nil
 
+		}
 
+		// single key case
 
+		return "", nil
 
+	}
 
+	if rolePermPrefix {
 
+		return "", fmt.Errorf("unexpected endkey argument with --prefix flag")
 
+	}
 
+	if rolePermFromKey {
 
+		return "", fmt.Errorf("unexpected endkey argument with --from-key flag")
 
+	}
 
+	return args[1], nil
 
+}