탐색 도움말
가입하기 로그인
publics
/
etcd-io__etcd
0
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 140e2a18fb
브랜치 태그
etcd-io__etcd
/
clientv3
/
auth.go

auth.go 6.2 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175 
  1. // Copyright 2016 The etcd Authors
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. package clientv3
    16. 

  16. 

  17. import (
    18. 

  18. 	"fmt"
    19. 

  19. 	"strings"
    20. 

  20. 

  21. 	"github.com/coreos/etcd/auth/authpb"
    22. 

  22. 	"github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes"
    23. 

  23. 	pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
    24. 

  24. 	"golang.org/x/net/context"
    25. 

  25. 	"google.golang.org/grpc"
    26. 

  26. )
    27. 

  27. 

  28. type (
    29. 

  29. 	AuthEnableResponse             pb.AuthEnableResponse
    30. 

  30. 	AuthDisableResponse            pb.AuthDisableResponse
    31. 

  31. 	AuthenticateResponse           pb.AuthenticateResponse
    32. 

  32. 	AuthUserAddResponse            pb.AuthUserAddResponse
    33. 

  33. 	AuthUserDeleteResponse         pb.AuthUserDeleteResponse
    34. 

  34. 	AuthUserChangePasswordResponse pb.AuthUserChangePasswordResponse
    35. 

  35. 	AuthUserGrantResponse          pb.AuthUserGrantResponse
    36. 

  36. 	AuthUserGetResponse            pb.AuthUserGetResponse
    37. 

  37. 	AuthRoleAddResponse            pb.AuthRoleAddResponse
    38. 

  38. 	AuthRoleGrantResponse          pb.AuthRoleGrantResponse
    39. 

  39. 

  40. 	PermissionType authpb.Permission_Type
    41. 

  41. )
    42. 

  42. 

  43. const (
    44. 

  44. 	PermRead      = authpb.READ
    45. 

  45. 	PermWrite     = authpb.WRITE
    46. 

  46. 	PermReadWrite = authpb.READWRITE
    47. 

  47. )
    48. 

  48. 

  49. type Auth interface {
    50. 

  50. 	// AuthEnable enables auth of an etcd cluster.
    51. 

  51. 	AuthEnable(ctx context.Context) (*AuthEnableResponse, error)
    52. 

  52. 

  53. 	// AuthDisable disables auth of an etcd cluster.
    54. 

  54. 	AuthDisable(ctx context.Context) (*AuthDisableResponse, error)
    55. 

  55. 

  56. 	// UserAdd adds a new user to an etcd cluster.
    57. 

  57. 	UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error)
    58. 

  58. 

  59. 	// UserDelete deletes a user from an etcd cluster.
    60. 

  60. 	UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error)
    61. 

  61. 

  62. 	// UserChangePassword changes a password of a user.
    63. 

  63. 	UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error)
    64. 

  64. 

  65. 	// UserGrant grants a role to a user.
    66. 

  66. 	UserGrant(ctx context.Context, user string, role string) (*AuthUserGrantResponse, error)
    67. 

  67. 

  68. 	// UserGet gets a detailed information of a user.
    69. 

  69. 	UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error)
    70. 

  70. 

  71. 	// RoleAdd adds a new role to an etcd cluster.
    72. 

  72. 	RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error)
    73. 

  73. 

  74. 	// RoleGrant grants a permission to a role.
    75. 

  75. 	RoleGrant(ctx context.Context, name string, key string, permType PermissionType) (*AuthRoleGrantResponse, error)
    76. 

  76. }
    77. 

  77. 

  78. type auth struct {
    79. 

  79. 	c *Client
    80. 

  80. 

  81. 	conn   *grpc.ClientConn // conn in-use
    82. 

  82. 	remote pb.AuthClient
    83. 

  83. }
    84. 

  84. 

  85. func NewAuth(c *Client) Auth {
    86. 

  86. 	conn := c.ActiveConnection()
    87. 

  87. 	return &auth{
    88. 

  88. 		conn:   c.ActiveConnection(),
    89. 

  89. 		remote: pb.NewAuthClient(conn),
    90. 

  90. 		c:      c,
    91. 

  91. 	}
    92. 

  92. }
    93. 

  93. 

  94. func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
    95. 

  95. 	resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{})
    96. 

  96. 	return (*AuthEnableResponse)(resp), rpctypes.Error(err)
    97. 

  97. }
    98. 

  98. 

  99. func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {
    100. 

  100. 	resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{})
    101. 

  101. 	return (*AuthDisableResponse)(resp), rpctypes.Error(err)
    102. 

  102. }
    103. 

  103. 

  104. func (auth *auth) UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error) {
    105. 

  105. 	resp, err := auth.remote.UserAdd(ctx, &pb.AuthUserAddRequest{Name: name, Password: password})
    106. 

  106. 	return (*AuthUserAddResponse)(resp), rpctypes.Error(err)
    107. 

  107. }
    108. 

  108. 

  109. func (auth *auth) UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error) {
    110. 

  110. 	resp, err := auth.remote.UserDelete(ctx, &pb.AuthUserDeleteRequest{Name: name})
    111. 

  111. 	return (*AuthUserDeleteResponse)(resp), rpctypes.Error(err)
    112. 

  112. }
    113. 

  113. 

  114. func (auth *auth) UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error) {
    115. 

  115. 	resp, err := auth.remote.UserChangePassword(ctx, &pb.AuthUserChangePasswordRequest{Name: name, Password: password})
    116. 

  116. 	return (*AuthUserChangePasswordResponse)(resp), rpctypes.Error(err)
    117. 

  117. }
    118. 

  118. 

  119. func (auth *auth) UserGrant(ctx context.Context, user string, role string) (*AuthUserGrantResponse, error) {
    120. 

  120. 	resp, err := auth.remote.UserGrant(ctx, &pb.AuthUserGrantRequest{User: user, Role: role})
    121. 

  121. 	return (*AuthUserGrantResponse)(resp), rpctypes.Error(err)
    122. 

  122. }
    123. 

  123. 

  124. func (auth *auth) UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error) {
    125. 

  125. 	resp, err := auth.remote.UserGet(ctx, &pb.AuthUserGetRequest{Name: name})
    126. 

  126. 	return (*AuthUserGetResponse)(resp), rpctypes.Error(err)
    127. 

  127. }
    128. 

  128. 

  129. func (auth *auth) RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error) {
    130. 

  130. 	resp, err := auth.remote.RoleAdd(ctx, &pb.AuthRoleAddRequest{Name: name})
    131. 

  131. 	return (*AuthRoleAddResponse)(resp), rpctypes.Error(err)
    132. 

  132. }
    133. 

  133. 

  134. func (auth *auth) RoleGrant(ctx context.Context, name string, key string, permType PermissionType) (*AuthRoleGrantResponse, error) {
    135. 

  135. 	perm := &authpb.Permission{
    136. 

  136. 		Key:      []byte(key),
    137. 

  137. 		PermType: authpb.Permission_Type(permType),
    138. 

  138. 	}
    139. 

  139. 	resp, err := auth.remote.RoleGrant(ctx, &pb.AuthRoleGrantRequest{Name: name, Perm: perm})
    140. 

  140. 	return (*AuthRoleGrantResponse)(resp), rpctypes.Error(err)
    141. 

  141. }
    142. 

  142. 

  143. func StrToPermissionType(s string) (PermissionType, error) {
    144. 

  144. 	val, ok := authpb.Permission_Type_value[strings.ToUpper(s)]
    145. 

  145. 	if ok {
    146. 

  146. 		return PermissionType(val), nil
    147. 

  147. 	}
    148. 

  148. 	return PermissionType(-1), fmt.Errorf("invalid permission type: %s", s)
    149. 

  149. }
    150. 

  150. 

  151. type authenticator struct {
    152. 

  152. 	conn   *grpc.ClientConn // conn in-use
    153. 

  153. 	remote pb.AuthClient
    154. 

  154. }
    155. 

  155. 

  156. func (auth *authenticator) authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {
    157. 

  157. 	resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password})
    158. 

  158. 	return (*AuthenticateResponse)(resp), rpctypes.Error(err)
    159. 

  159. }
    160. 

  160. 

  161. func (auth *authenticator) close() {
    162. 

  162. 	auth.conn.Close()
    163. 

  163. }
    164. 

  164. 

  165. func newAuthenticator(endpoint string, opts []grpc.DialOption) (*authenticator, error) {
    166. 

  166. 	conn, err := grpc.Dial(endpoint, opts...)
    167. 

  167. 	if err != nil {
    168. 

  168. 		return nil, err
    169. 

  169. 	}
    170. 

  170. 

  171. 	return &authenticator{
    172. 

  172. 		conn:   conn,
    173. 

  173. 		remote: pb.NewAuthClient(conn),
    174. 

  174. 	}, nil
    175. 

  175. }
    176.