Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

auth: add key support in merge func

Browse Source
This commit is contained in:
Xiang Li 2016-06-13 12:57:14 -07:00
parent 18851e70b6
commit 9be65414eb
2 changed files with 39 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
auth/range_perm_cache.go
View File

@ -22,9 +22,20 @@ import (
"github.com/coreos/etcd/mvcc/backend" "github.com/coreos/etcd/mvcc/backend"
) )
// isSubset returns true if a is a subset of b
func isSubset(a, b *rangePerm) bool { func isSubset(a, b *rangePerm) bool {
// return true if a is a subset of b switch {
return 0 <= bytes.Compare(a.begin, b.begin) && bytes.Compare(a.end, b.end) <= 0 case len(a.end) == 0 && len(b.end) == 0:
// a, b are both keys
return bytes.Compare(a.begin, b.begin) == 0
case len(b.end) == 0:
// b is a key, a is a range
return false
case len(a.end) == 0:
return 0 <= bytes.Compare(a.begin, b.begin) && bytes.Compare(a.begin, b.end) <= 0
default:
return 0 <= bytes.Compare(a.begin, b.begin) && bytes.Compare(a.end, b.end) <= 0
}
} }
// removeSubsetRangePerms removes any rangePerms that are subsets of other rangePerms. // removeSubsetRangePerms removes any rangePerms that are subsets of other rangePerms.
@ -126,15 +137,10 @@ func checkKeyPerm(cachedPerms *unifiedRangePermissions, key, rangeEnd []byte, pe
plog.Panicf("unknown auth type: %v", permtyp) plog.Panicf("unknown auth type: %v", permtyp)
} }
for _, perm := range tocheck { requiredPerm := &rangePerm{begin: key, end: rangeEnd}
// check permission of a single key
if len(rangeEnd) == 0 {
if bytes.Compare(perm.begin, key) <= 0 && bytes.Compare(rangeEnd, perm.end) <= 0 {
return true
}
}
if bytes.Compare(perm.begin, key) <= 0 && bytes.Compare(perm.end, key) >= 0 { for _, perm := range tocheck {
if isSubset(requiredPerm, perm) {
return true return true
} }
} }

24
auth/range_perm_cache_test.go
View File

@ -37,7 +37,7 @@ func isPermsEqual(a, b []*rangePerm) bool {
return true return true
} }
func TestUnifyParams(t *testing.T) { func TestGetMergedPerms(t *testing.T) {
tests := []struct { tests := []struct {
params []*rangePerm params []*rangePerm
want []*rangePerm want []*rangePerm
@ -86,6 +86,28 @@ func TestUnifyParams(t *testing.T) {
[]*rangePerm{{[]byte("a"), []byte("b")}, {[]byte("b"), []byte("c")}, {[]byte("c"), []byte("d")}, {[]byte("d"), []byte("f")}, {[]byte("1"), []byte("9")}}, []*rangePerm{{[]byte("a"), []byte("b")}, {[]byte("b"), []byte("c")}, {[]byte("c"), []byte("d")}, {[]byte("d"), []byte("f")}, {[]byte("1"), []byte("9")}},
[]*rangePerm{{[]byte("1"), []byte("9")}, {[]byte("a"), []byte("f")}}, []*rangePerm{{[]byte("1"), []byte("9")}, {[]byte("a"), []byte("f")}},
}, },
// overlapping
{
[]*rangePerm{{[]byte("a"), []byte("f")}, {[]byte("b"), []byte("g")}},
[]*rangePerm{{[]byte("a"), []byte("g")}},
},
// keys
{
[]*rangePerm{{[]byte("a"), []byte("")}, {[]byte("b"), []byte("")}},
[]*rangePerm{{[]byte("a"), []byte("")}, {[]byte("b"), []byte("")}},
},
{
[]*rangePerm{{[]byte("a"), []byte("")}, {[]byte("a"), []byte("c")}},
[]*rangePerm{{[]byte("a"), []byte("c")}},
},
{
[]*rangePerm{{[]byte("a"), []byte("")}, {[]byte("a"), []byte("c")}, {[]byte("b"), []byte("")}},
[]*rangePerm{{[]byte("a"), []byte("c")}},
},
{
[]*rangePerm{{[]byte("a"), []byte("")}, {[]byte("b"), []byte("c")}, {[]byte("b"), []byte("")}, {[]byte("c"), []byte("")}, {[]byte("d"), []byte("")}},
[]*rangePerm{{[]byte("a"), []byte("")}, {[]byte("b"), []byte("c")}, {[]byte("d"), []byte("")}},
},
} }
for i, tt := range tests { for i, tt := range tests {