탐색 도움말
가입하기 로그인
publics
/
etcd-io__etcd
0
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 10ee69b44c
브랜치 태그
etcd-io__etcd
/
clientv3
/
auth.go

auth.go 6.6 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184 
  1. // Copyright 2016 The etcd Authors
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. package clientv3
    16. 

  16. 

  17. import (
    18. 

  18. 	"fmt"
    19. 

  19. 	"strings"
    20. 

  20. 

  21. 	"github.com/coreos/etcd/auth/authpb"
    22. 

  22. 	"github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes"
    23. 

  23. 	pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
    24. 

  24. 	"golang.org/x/net/context"
    25. 

  25. 	"google.golang.org/grpc"
    26. 

  26. )
    27. 

  27. 

  28. type (
    29. 

  29. 	AuthEnableResponse             pb.AuthEnableResponse
    30. 

  30. 	AuthDisableResponse            pb.AuthDisableResponse
    31. 

  31. 	AuthenticateResponse           pb.AuthenticateResponse
    32. 

  32. 	AuthUserAddResponse            pb.AuthUserAddResponse
    33. 

  33. 	AuthUserDeleteResponse         pb.AuthUserDeleteResponse
    34. 

  34. 	AuthUserChangePasswordResponse pb.AuthUserChangePasswordResponse
    35. 

  35. 	AuthUserGrantResponse          pb.AuthUserGrantResponse
    36. 

  36. 	AuthUserGetResponse            pb.AuthUserGetResponse
    37. 

  37. 	AuthRoleAddResponse            pb.AuthRoleAddResponse
    38. 

  38. 	AuthRoleGrantResponse          pb.AuthRoleGrantResponse
    39. 

  39. 	AuthRoleGetResponse            pb.AuthRoleGetResponse
    40. 

  40. 

  41. 	PermissionType authpb.Permission_Type
    42. 

  42. )
    43. 

  43. 

  44. const (
    45. 

  45. 	PermRead      = authpb.READ
    46. 

  46. 	PermWrite     = authpb.WRITE
    47. 

  47. 	PermReadWrite = authpb.READWRITE
    48. 

  48. )
    49. 

  49. 

  50. type Auth interface {
    51. 

  51. 	// AuthEnable enables auth of an etcd cluster.
    52. 

  52. 	AuthEnable(ctx context.Context) (*AuthEnableResponse, error)
    53. 

  53. 

  54. 	// AuthDisable disables auth of an etcd cluster.
    55. 

  55. 	AuthDisable(ctx context.Context) (*AuthDisableResponse, error)
    56. 

  56. 

  57. 	// UserAdd adds a new user to an etcd cluster.
    58. 

  58. 	UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error)
    59. 

  59. 

  60. 	// UserDelete deletes a user from an etcd cluster.
    61. 

  61. 	UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error)
    62. 

  62. 

  63. 	// UserChangePassword changes a password of a user.
    64. 

  64. 	UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error)
    65. 

  65. 

  66. 	// UserGrant grants a role to a user.
    67. 

  67. 	UserGrant(ctx context.Context, user string, role string) (*AuthUserGrantResponse, error)
    68. 

  68. 

  69. 	// UserGet gets a detailed information of a user.
    70. 

  70. 	UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error)
    71. 

  71. 

  72. 	// RoleAdd adds a new role to an etcd cluster.
    73. 

  73. 	RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error)
    74. 

  74. 

  75. 	// RoleGrant grants a permission to a role.
    76. 

  76. 	RoleGrant(ctx context.Context, name string, key string, permType PermissionType) (*AuthRoleGrantResponse, error)
    77. 

  77. 

  78. 	// RoleGet gets a detailed information of a role.
    79. 

  79. 	RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error)
    80. 

  80. }
    81. 

  81. 

  82. type auth struct {
    83. 

  83. 	c *Client
    84. 

  84. 

  85. 	conn   *grpc.ClientConn // conn in-use
    86. 

  86. 	remote pb.AuthClient
    87. 

  87. }
    88. 

  88. 

  89. func NewAuth(c *Client) Auth {
    90. 

  90. 	conn := c.ActiveConnection()
    91. 

  91. 	return &auth{
    92. 

  92. 		conn:   c.ActiveConnection(),
    93. 

  93. 		remote: pb.NewAuthClient(conn),
    94. 

  94. 		c:      c,
    95. 

  95. 	}
    96. 

  96. }
    97. 

  97. 

  98. func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
    99. 

  99. 	resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{})
    100. 

  100. 	return (*AuthEnableResponse)(resp), rpctypes.Error(err)
    101. 

  101. }
    102. 

  102. 

  103. func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {
    104. 

  104. 	resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{})
    105. 

  105. 	return (*AuthDisableResponse)(resp), rpctypes.Error(err)
    106. 

  106. }
    107. 

  107. 

  108. func (auth *auth) UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error) {
    109. 

  109. 	resp, err := auth.remote.UserAdd(ctx, &pb.AuthUserAddRequest{Name: name, Password: password})
    110. 

  110. 	return (*AuthUserAddResponse)(resp), rpctypes.Error(err)
    111. 

  111. }
    112. 

  112. 

  113. func (auth *auth) UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error) {
    114. 

  114. 	resp, err := auth.remote.UserDelete(ctx, &pb.AuthUserDeleteRequest{Name: name})
    115. 

  115. 	return (*AuthUserDeleteResponse)(resp), rpctypes.Error(err)
    116. 

  116. }
    117. 

  117. 

  118. func (auth *auth) UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error) {
    119. 

  119. 	resp, err := auth.remote.UserChangePassword(ctx, &pb.AuthUserChangePasswordRequest{Name: name, Password: password})
    120. 

  120. 	return (*AuthUserChangePasswordResponse)(resp), rpctypes.Error(err)
    121. 

  121. }
    122. 

  122. 

  123. func (auth *auth) UserGrant(ctx context.Context, user string, role string) (*AuthUserGrantResponse, error) {
    124. 

  124. 	resp, err := auth.remote.UserGrant(ctx, &pb.AuthUserGrantRequest{User: user, Role: role})
    125. 

  125. 	return (*AuthUserGrantResponse)(resp), rpctypes.Error(err)
    126. 

  126. }
    127. 

  127. 

  128. func (auth *auth) UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error) {
    129. 

  129. 	resp, err := auth.remote.UserGet(ctx, &pb.AuthUserGetRequest{Name: name})
    130. 

  130. 	return (*AuthUserGetResponse)(resp), rpctypes.Error(err)
    131. 

  131. }
    132. 

  132. 

  133. func (auth *auth) RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error) {
    134. 

  134. 	resp, err := auth.remote.RoleAdd(ctx, &pb.AuthRoleAddRequest{Name: name})
    135. 

  135. 	return (*AuthRoleAddResponse)(resp), rpctypes.Error(err)
    136. 

  136. }
    137. 

  137. 

  138. func (auth *auth) RoleGrant(ctx context.Context, name string, key string, permType PermissionType) (*AuthRoleGrantResponse, error) {
    139. 

  139. 	perm := &authpb.Permission{
    140. 

  140. 		Key:      []byte(key),
    141. 

  141. 		PermType: authpb.Permission_Type(permType),
    142. 

  142. 	}
    143. 

  143. 	resp, err := auth.remote.RoleGrant(ctx, &pb.AuthRoleGrantRequest{Name: name, Perm: perm})
    144. 

  144. 	return (*AuthRoleGrantResponse)(resp), rpctypes.Error(err)
    145. 

  145. }
    146. 

  146. 

  147. func (auth *auth) RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error) {
    148. 

  148. 	resp, err := auth.remote.RoleGet(ctx, &pb.AuthRoleGetRequest{Role: role})
    149. 

  149. 	return (*AuthRoleGetResponse)(resp), rpctypes.Error(err)
    150. 

  150. }
    151. 

  151. 

  152. func StrToPermissionType(s string) (PermissionType, error) {
    153. 

  153. 	val, ok := authpb.Permission_Type_value[strings.ToUpper(s)]
    154. 

  154. 	if ok {
    155. 

  155. 		return PermissionType(val), nil
    156. 

  156. 	}
    157. 

  157. 	return PermissionType(-1), fmt.Errorf("invalid permission type: %s", s)
    158. 

  158. }
    159. 

  159. 

  160. type authenticator struct {
    161. 

  161. 	conn   *grpc.ClientConn // conn in-use
    162. 

  162. 	remote pb.AuthClient
    163. 

  163. }
    164. 

  164. 

  165. func (auth *authenticator) authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {
    166. 

  166. 	resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password})
    167. 

  167. 	return (*AuthenticateResponse)(resp), rpctypes.Error(err)
    168. 

  168. }
    169. 

  169. 

  170. func (auth *authenticator) close() {
    171. 

  171. 	auth.conn.Close()
    172. 

  172. }
    173. 

  173. 

  174. func newAuthenticator(endpoint string, opts []grpc.DialOption) (*authenticator, error) {
    175. 

  175. 	conn, err := grpc.Dial(endpoint, opts...)
    176. 

  176. 	if err != nil {
    177. 

  177. 		return nil, err
    178. 

  178. 	}
    179. 

  179. 

  180. 	return &authenticator{
    181. 

  181. 		conn:   conn,
    182. 

  182. 		remote: pb.NewAuthClient(conn),
    183. 

  183. 	}, nil
    184. 

  184. }
    185.