Home Explore Help
Register Sign In
publics
/
etcd-io__etcd
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 131e3806bb
Branches Tags
etcd-io__etcd
/
clientv3
/
auth.go

auth.go 5.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 
  1. // Copyright 2016 Nippon Telegraph and Telephone Corporation.
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. package clientv3
    16. 

  16. 

  17. import (
    18. 

  18. 	"fmt"
    19. 

  19. 	"strings"
    20. 

  20. 

  21. 	"github.com/coreos/etcd/auth/authpb"
    22. 

  22. 	pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
    23. 

  23. 	"golang.org/x/net/context"
    24. 

  24. 	"google.golang.org/grpc"
    25. 

  25. )
    26. 

  26. 

  27. type (
    28. 

  28. 	AuthEnableResponse             pb.AuthEnableResponse
    29. 

  29. 	AuthenticateResponse           pb.AuthenticateResponse
    30. 

  30. 	AuthUserAddResponse            pb.AuthUserAddResponse
    31. 

  31. 	AuthUserDeleteResponse         pb.AuthUserDeleteResponse
    32. 

  32. 	AuthUserChangePasswordResponse pb.AuthUserChangePasswordResponse
    33. 

  33. 	AuthUserGrantResponse          pb.AuthUserGrantResponse
    34. 

  34. 	AuthRoleAddResponse            pb.AuthRoleAddResponse
    35. 

  35. 	AuthRoleGrantResponse          pb.AuthRoleGrantResponse
    36. 

  36. 

  37. 	PermissionType authpb.Permission_Type
    38. 

  38. )
    39. 

  39. 

  40. const (
    41. 

  41. 	PermRead      = authpb.READ
    42. 

  42. 	PermWrite     = authpb.WRITE
    43. 

  43. 	PermReadWrite = authpb.READWRITE
    44. 

  44. )
    45. 

  45. 

  46. type Auth interface {
    47. 

  47. 	// AuthEnable enables auth of an etcd cluster.
    48. 

  48. 	AuthEnable(ctx context.Context) (*AuthEnableResponse, error)
    49. 

  49. 

  50. 	// Authenticate does authenticate with given user name and password.
    51. 

  51. 	Authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error)
    52. 

  52. 

  53. 	// UserAdd adds a new user to an etcd cluster.
    54. 

  54. 	UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error)
    55. 

  55. 

  56. 	// UserDelete deletes a user from an etcd cluster.
    57. 

  57. 	UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error)
    58. 

  58. 

  59. 	// UserChangePassword changes a password of a user.
    60. 

  60. 	UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error)
    61. 

  61. 

  62. 	// UserGrant grants a role to a user.
    63. 

  63. 	UserGrant(ctx context.Context, user string, role string) (*AuthUserGrantResponse, error)
    64. 

  64. 

  65. 	// RoleAdd adds a new role to an etcd cluster.
    66. 

  66. 	RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error)
    67. 

  67. 

  68. 	// RoleGrant grants a permission to a role.
    69. 

  69. 	RoleGrant(ctx context.Context, name string, key string, permType PermissionType) (*AuthRoleGrantResponse, error)
    70. 

  70. }
    71. 

  71. 

  72. type auth struct {
    73. 

  73. 	c *Client
    74. 

  74. 

  75. 	conn   *grpc.ClientConn // conn in-use
    76. 

  76. 	remote pb.AuthClient
    77. 

  77. }
    78. 

  78. 

  79. func NewAuth(c *Client) Auth {
    80. 

  80. 	conn := c.ActiveConnection()
    81. 

  81. 	return &auth{
    82. 

  82. 		conn:   c.ActiveConnection(),
    83. 

  83. 		remote: pb.NewAuthClient(conn),
    84. 

  84. 		c:      c,
    85. 

  85. 	}
    86. 

  86. }
    87. 

  87. 

  88. func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
    89. 

  89. 	resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{})
    90. 

  90. 	return (*AuthEnableResponse)(resp), err
    91. 

  91. }
    92. 

  92. 

  93. func (auth *auth) Authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {
    94. 

  94. 	resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password})
    95. 

  95. 	return (*AuthenticateResponse)(resp), err
    96. 

  96. }
    97. 

  97. 

  98. func (auth *auth) UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error) {
    99. 

  99. 	resp, err := auth.remote.UserAdd(ctx, &pb.AuthUserAddRequest{Name: name, Password: password})
    100. 

  100. 	return (*AuthUserAddResponse)(resp), err
    101. 

  101. }
    102. 

  102. 

  103. func (auth *auth) UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error) {
    104. 

  104. 	resp, err := auth.remote.UserDelete(ctx, &pb.AuthUserDeleteRequest{Name: name})
    105. 

  105. 	return (*AuthUserDeleteResponse)(resp), err
    106. 

  106. }
    107. 

  107. 

  108. func (auth *auth) UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error) {
    109. 

  109. 	resp, err := auth.remote.UserChangePassword(ctx, &pb.AuthUserChangePasswordRequest{Name: name, Password: password})
    110. 

  110. 	return (*AuthUserChangePasswordResponse)(resp), err
    111. 

  111. }
    112. 

  112. 

  113. func (auth *auth) UserGrant(ctx context.Context, user string, role string) (*AuthUserGrantResponse, error) {
    114. 

  114. 	resp, err := auth.remote.UserGrant(ctx, &pb.AuthUserGrantRequest{User: user, Role: role})
    115. 

  115. 	return (*AuthUserGrantResponse)(resp), err
    116. 

  116. }
    117. 

  117. 

  118. func (auth *auth) RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error) {
    119. 

  119. 	resp, err := auth.remote.RoleAdd(ctx, &pb.AuthRoleAddRequest{Name: name})
    120. 

  120. 	return (*AuthRoleAddResponse)(resp), err
    121. 

  121. }
    122. 

  122. 

  123. func (auth *auth) RoleGrant(ctx context.Context, name string, key string, permType PermissionType) (*AuthRoleGrantResponse, error) {
    124. 

  124. 	perm := &authpb.Permission{
    125. 

  125. 		Key:      []byte(key),
    126. 

  126. 		PermType: authpb.Permission_Type(permType),
    127. 

  127. 	}
    128. 

  128. 	resp, err := auth.remote.RoleGrant(ctx, &pb.AuthRoleGrantRequest{Name: name, Perm: perm})
    129. 

  129. 	return (*AuthRoleGrantResponse)(resp), err
    130. 

  130. }
    131. 

  131. 

  132. func StrToPermissionType(s string) (PermissionType, error) {
    133. 

  133. 	val, ok := authpb.Permission_Type_value[strings.ToUpper(s)]
    134. 

  134. 	if ok {
    135. 

  135. 		return PermissionType(val), nil
    136. 

  136. 	}
    137. 

  137. 	return PermissionType(-1), fmt.Errorf("invalid permission type: %s", s)
    138. 

  138. }
    139.