Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5590 from xiang90/user

Browse Source 
auth: add getuser
This commit is contained in:
Xiang Li 2016-06-08 08:08:36 -07:00
commit 4d56f54898
1 changed files with 32 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
auth/store.go
View File

@ -194,9 +194,9 @@ func (as *authStore) UserAdd(r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse,
tx.Lock() tx.Lock()
defer tx.Unlock() defer tx.Unlock()
_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0) user := getUser(tx, r.Name)
if len(vs) != 0 { if user != nil {
return &pb.AuthUserAddResponse{}, ErrUserAlreadyExist return nil, ErrUserAlreadyExist
} }
newUser := authpb.User{ newUser := authpb.User{
@ -222,9 +222,9 @@ func (as *authStore) UserDelete(r *pb.AuthUserDeleteRequest) (*pb.AuthUserDelete
tx.Lock() tx.Lock()
defer tx.Unlock() defer tx.Unlock()
_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0) user := getUser(tx, r.Name)
if len(vs) != 1 { if user == nil {
return &pb.AuthUserDeleteResponse{}, ErrUserNotFound return nil, ErrUserNotFound
} }
tx.UnsafeDelete(authUsersBucketName, []byte(r.Name)) tx.UnsafeDelete(authUsersBucketName, []byte(r.Name))
@ -247,9 +247,9 @@ func (as *authStore) UserChangePassword(r *pb.AuthUserChangePasswordRequest) (*p
tx.Lock() tx.Lock()
defer tx.Unlock() defer tx.Unlock()
_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0) user := getUser(tx, r.Name)
if len(vs) != 1 { if user == nil {
return &pb.AuthUserChangePasswordResponse{}, ErrUserNotFound return nil, ErrUserNotFound
} }
updatedUser := authpb.User{ updatedUser := authpb.User{
@ -275,18 +275,12 @@ func (as *authStore) UserGrantRole(r *pb.AuthUserGrantRoleRequest) (*pb.AuthUser
tx.Lock() tx.Lock()
defer tx.Unlock() defer tx.Unlock()
_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.User), nil, 0) user := getUser(tx, r.User)
if len(vs) != 1 { if user == nil {
return nil, ErrUserNotFound return nil, ErrUserNotFound
} }
user := &authpb.User{} _, vs := tx.UnsafeRange(authRolesBucketName, []byte(r.Role), nil, 0)
err := user.Unmarshal(vs[0])
if err != nil {
return nil, err
}
_, vs = tx.UnsafeRange(authRolesBucketName, []byte(r.Role), nil, 0)
if len(vs) != 1 { if len(vs) != 1 {
return nil, ErrRoleNotFound return nil, ErrRoleNotFound
} }
@ -316,17 +310,11 @@ func (as *authStore) UserGet(r *pb.AuthUserGetRequest) (*pb.AuthUserGetResponse,
tx.Lock() tx.Lock()
defer tx.Unlock() defer tx.Unlock()
_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0) user := getUser(tx, r.Name)
if len(vs) != 1 { if user == nil {
return nil, ErrUserNotFound return nil, ErrUserNotFound
} }
user := &authpb.User{}
err := user.Unmarshal(vs[0])
if err != nil {
return nil, err
}
var resp pb.AuthUserGetResponse var resp pb.AuthUserGetResponse
for _, role := range user.Roles { for _, role := range user.Roles {
resp.Roles = append(resp.Roles, role) resp.Roles = append(resp.Roles, role)
@ -340,17 +328,11 @@ func (as *authStore) UserRevokeRole(r *pb.AuthUserRevokeRoleRequest) (*pb.AuthUs
tx.Lock() tx.Lock()
defer tx.Unlock() defer tx.Unlock()
_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0) user := getUser(tx, r.Name)
if len(vs) != 1 { if user == nil {
return nil, ErrUserNotFound return nil, ErrUserNotFound
} }
user := &authpb.User{}
err := user.Unmarshal(vs[0])
if err != nil {
return nil, err
}
updatedUser := &authpb.User{} updatedUser := &authpb.User{}
updatedUser.Name = user.Name updatedUser.Name = user.Name
updatedUser.Password = user.Password updatedUser.Password = user.Password
@ -579,19 +561,12 @@ func (as *authStore) isOpPermitted(userName string, key string, write bool, read
tx.Lock() tx.Lock()
defer tx.Unlock() defer tx.Unlock()
_, vs := tx.UnsafeRange(authUsersBucketName, []byte(userName), nil, 0) user := getUser(tx, userName)
if len(vs) != 1 { if user == nil {
plog.Errorf("invalid user name %s for permission checking", userName) plog.Errorf("invalid user name %s for permission checking", userName)
return false return false
} }
user := &authpb.User{}
err := user.Unmarshal(vs[0])
if err != nil {
plog.Errorf("failed to unmarshal user struct (name: %s): %s", userName, err)
return false
}
for _, roleName := range user.Roles { for _, roleName := range user.Roles {
_, vs := tx.UnsafeRange(authRolesBucketName, []byte(roleName), nil, 0) _, vs := tx.UnsafeRange(authRolesBucketName, []byte(roleName), nil, 0)
if len(vs) != 1 { if len(vs) != 1 {
@ -634,6 +609,20 @@ func (as *authStore) IsRangePermitted(header *pb.RequestHeader, key string) bool
return as.isOpPermitted(header.Username, key, false, true) return as.isOpPermitted(header.Username, key, false, true)
} }
func getUser(tx backend.BatchTx, username string) *authpb.User {
_, vs := tx.UnsafeRange(authUsersBucketName, []byte(username), nil, 0)
if len(vs) == 0 {
return nil
}
user := &authpb.User{}
err := user.Unmarshal(vs[0])
if err != nil {
plog.Panicf("failed to unmarshal user struct (name: %s): %s", username, err)
}
return user
}
func (as *authStore) isAuthEnabled() bool { func (as *authStore) isAuthEnabled() bool {
as.enabledMu.RLock() as.enabledMu.RLock()
defer as.enabledMu.RUnlock() defer as.enabledMu.RUnlock()