mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00
Merge pull request #5043 from mitake/auth-trivial
little cleaning of v3 auth
This commit is contained in:
Xiang Li
commit
8e3d99cd3e
@ -15,6 +15,7 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"sort"
|
||||
"strings"
|
||||
@ -90,8 +91,6 @@ func (as *authStore) Recover(be backend.Backend) {
|
||||
}
|
||||
|
||||
func (as *authStore) UserAdd(r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error) {
|
||||
plog.Noticef("adding a new user: %s", r.Name)
|
||||
|
||||
hashed, err := bcrypt.GenerateFromPassword([]byte(r.Password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
plog.Errorf("failed to hash password: %s", err)
|
||||
@ -245,6 +244,20 @@ func (as *authStore) RoleAdd(r *pb.AuthRoleAddRequest) (*pb.AuthRoleAddResponse,
|
||||
return &pb.AuthRoleAddResponse{}, nil
|
||||
}
|
||||
|
||||
type permSlice []*authpb.Permission
|
||||
|
||||
func (perms permSlice) Len() int {
|
||||
return len(perms)
|
||||
}
|
||||
|
||||
func (perms permSlice) Less(i, j int) bool {
|
||||
return bytes.Compare(perms[i].Key, perms[j].Key) < 0
|
||||
}
|
||||
|
||||
func (perms permSlice) Swap(i, j int) {
|
||||
perms[i], perms[j] = perms[j], perms[i]
|
||||
}
|
||||
|
||||
func (as *authStore) RoleGrant(r *pb.AuthRoleGrantRequest) (*pb.AuthRoleGrantResponse, error) {
|
||||
tx := as.be.BatchTx()
|
||||
tx.Lock()
|
||||
@ -262,13 +275,22 @@ func (as *authStore) RoleGrant(r *pb.AuthRoleGrantRequest) (*pb.AuthRoleGrantRes
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !updateExistingPermission(role.KeyPermission, string(r.Perm.Key), r.Perm.PermType) {
|
||||
idx := sort.Search(len(role.KeyPermission), func(i int) bool {
|
||||
return bytes.Compare(role.KeyPermission[i].Key, []byte(r.Perm.Key)) >= 0
|
||||
})
|
||||
|
||||
if bytes.Equal(role.KeyPermission[idx].Key, r.Perm.Key) {
|
||||
// update existing permission
|
||||
role.KeyPermission[idx].PermType = r.Perm.PermType
|
||||
} else {
|
||||
// append new permission to the role
|
||||
newPerm := &authpb.Permission{
|
||||
Key: []byte(r.Perm.Key),
|
||||
PermType: r.Perm.PermType,
|
||||
}
|
||||
|
||||
role.KeyPermission = append(role.KeyPermission, newPerm)
|
||||
sort.Sort(permSlice(role.KeyPermission))
|
||||
}
|
||||
|
||||
marshaledRole, merr := role.Marshal()
|
||||
@ -284,17 +306,6 @@ func (as *authStore) RoleGrant(r *pb.AuthRoleGrantRequest) (*pb.AuthRoleGrantRes
|
||||
return &pb.AuthRoleGrantResponse{}, nil
|
||||
}
|
||||
|
||||
func updateExistingPermission(perms []*authpb.Permission, key string, newPerm authpb.Permission_Type) bool {
|
||||
for _, perm := range perms {
|
||||
if strings.Compare(string(perm.Key), key) == 0 {
|
||||
perm.PermType = newPerm
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
func NewAuthStore(be backend.Backend) *authStore {
|
||||
tx := be.BatchTx()
|
||||
tx.Lock()
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user