diff --git a/etcdctl/ctlv3/command/role_command.go b/etcdctl/ctlv3/command/role_command.go index f75a8efce..b467a5632 100644 --- a/etcdctl/ctlv3/command/role_command.go +++ b/etcdctl/ctlv3/command/role_command.go @@ -23,8 +23,8 @@ import ( ) var ( - grantPermissionPrefix bool - permFromKey bool + rolePermPrefix bool + rolePermFromKey bool ) // NewRoleCommand returns the cobra command for "role". @@ -83,8 +83,8 @@ func newRoleGrantPermissionCommand() *cobra.Command { Run: roleGrantPermissionCommandFunc, } - cmd.Flags().BoolVar(&grantPermissionPrefix, "prefix", false, "grant a prefix permission") - cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare") + cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "grant a prefix permission") + cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare") return cmd } @@ -96,7 +96,8 @@ func newRoleRevokePermissionCommand() *cobra.Command { Run: roleRevokePermissionCommandFunc, } - cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare") + cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "revoke a prefix permission") + cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "revoke a permission of keys that are greater than or equal to the given key using byte compare") return cmd } @@ -169,27 +170,10 @@ func roleGrantPermissionCommandFunc(cmd *cobra.Command, args []string) { ExitWithError(ExitBadArgs, err) } - rangeEnd := "" - if 4 <= len(args) { - if grantPermissionPrefix { - ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --prefix option and range end to grant permission command")) - } - - if permFromKey { - ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and range end to grant permission command")) - } - - rangeEnd = args[3] - } else if grantPermissionPrefix { - if permFromKey { - ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and --prefix option to grant permission command")) - } - - rangeEnd = clientv3.GetPrefixRangeEnd(args[2]) - } else if permFromKey { - rangeEnd = "\x00" + rangeEnd, rerr := rangeEndFromPermFlags(args[2:]) + if rerr != nil { + ExitWithError(ExitBadArgs, rerr) } - resp, err := mustClientFromCmd(cmd).Auth.RoleGrantPermission(context.TODO(), args[0], args[2], rangeEnd, perm) if err != nil { ExitWithError(ExitError, err) @@ -204,16 +188,36 @@ func roleRevokePermissionCommandFunc(cmd *cobra.Command, args []string) { ExitWithError(ExitBadArgs, fmt.Errorf("role revoke-permission command requires role name and key [endkey] as its argument.")) } - rangeEnd := "" - if 3 <= len(args) { - rangeEnd = args[2] - } else if permFromKey { - rangeEnd = "\x00" + rangeEnd, rerr := rangeEndFromPermFlags(args[1:]) + if rerr != nil { + ExitWithError(ExitBadArgs, rerr) } - resp, err := mustClientFromCmd(cmd).Auth.RoleRevokePermission(context.TODO(), args[0], args[1], rangeEnd) if err != nil { ExitWithError(ExitError, err) } display.RoleRevokePermission(args[0], args[1], rangeEnd, *resp) } + +func rangeEndFromPermFlags(args []string) (string, error) { + if len(args) == 1 { + if rolePermPrefix { + if rolePermFromKey { + return "", fmt.Errorf("--from-key and --prefix flags are mutually exclusive") + } + return clientv3.GetPrefixRangeEnd(args[0]), nil + } + if rolePermFromKey { + return "\x00", nil + } + // single key case + return "", nil + } + if rolePermPrefix { + return "", fmt.Errorf("unexpected endkey argument with --prefix flag") + } + if rolePermFromKey { + return "", fmt.Errorf("unexpected endkey argument with --from-key flag") + } + return args[1], nil +}