Merge pull request #7958 from heyitsanthony/perm-prefix

etcdctl: improve role --prefix flag
2024-09-27 06:25:44 +00:00 · 2017-05-22 12:19:16 -07:00 · 2017-05-22 12:19:16 -07:00 · f75e333264
commit f75e333264
parent 378bac79e1 2f1467cb27
2 changed files with 53 additions and 32 deletions
--- a/etcdctl/README.md
+++ b/etcdctl/README.md
@ -961,25 +961,42 @@ RPC: RoleGrantPermission

 #### Options

+- from-key -- grant a permission of keys that are greater than or equal to the given key using byte compare
+
 - prefix -- grant a prefix permission

-#### Ouptut
+#### Output

 `Role <role name> updated`.

 #### Examples

+Grant read and write permission on the key `foo` to role `myrole`:
+
 ```bash
 ./etcdctl --user=root:123 role grant-permission myrole readwrite foo
 # Role myrole updated
 ```

+Grant read permission on the wildcard key pattern `foo/*` to role `myrole`:
+
+```bash
+./etcdctl --user=root:123 role grant-permission --prefix myrole readwrite foo/
+# Role myrole updated
+```
+
 ### ROLE REVOKE-PERMISSION \<role name\> \<permission type\> \<key\> [endkey]

 `role revoke-permission` revokes a key from a role.

 RPC: RoleRevokePermission

+#### Options
+
+- from-key -- revoke a permission of keys that are greater than or equal to the given key using byte compare
+
+- prefix -- revoke a prefix permission
+
 #### Output

 `Permission of key <key> is revoked from role <role name>` for single key. `Permission of range [<key>, <endkey>) is revoked from role <role name>` for a key range. Exit code is zero.
--- a/etcdctl/ctlv3/command/role_command.go
+++ b/etcdctl/ctlv3/command/role_command.go
@ -23,8 +23,8 @@ import (
 )

 var (
-	grantPermissionPrefix bool
-	permFromKey           bool
+	rolePermPrefix  bool
+	rolePermFromKey bool
 )

 // NewRoleCommand returns the cobra command for "role".
@ -83,8 +83,8 @@ func newRoleGrantPermissionCommand() *cobra.Command {
 		Run:   roleGrantPermissionCommandFunc,
 	}

-	cmd.Flags().BoolVar(&grantPermissionPrefix, "prefix", false, "grant a prefix permission")
-	cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
+	cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "grant a prefix permission")
+	cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")

 	return cmd
 }
@ -96,7 +96,8 @@ func newRoleRevokePermissionCommand() *cobra.Command {
 		Run:   roleRevokePermissionCommandFunc,
 	}

-	cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
+	cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "revoke a prefix permission")
+	cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "revoke a permission of keys that are greater than or equal to the given key using byte compare")

 	return cmd
 }
@ -169,27 +170,10 @@ func roleGrantPermissionCommandFunc(cmd *cobra.Command, args []string) {
 		ExitWithError(ExitBadArgs, err)
 	}

-	rangeEnd := ""
-	if 4 <= len(args) {
-		if grantPermissionPrefix {
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --prefix option and range end to grant permission command"))
-		}
-
-		if permFromKey {
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and range end to grant permission command"))
-		}
-
-		rangeEnd = args[3]
-	} else if grantPermissionPrefix {
-		if permFromKey {
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and --prefix option to grant permission command"))
-		}
-
-		rangeEnd = clientv3.GetPrefixRangeEnd(args[2])
-	} else if permFromKey {
-		rangeEnd = "\x00"
+	rangeEnd, rerr := rangeEndFromPermFlags(args[2:])
+	if rerr != nil {
+		ExitWithError(ExitBadArgs, rerr)
 	}
-
 	resp, err := mustClientFromCmd(cmd).Auth.RoleGrantPermission(context.TODO(), args[0], args[2], rangeEnd, perm)
 	if err != nil {
 		ExitWithError(ExitError, err)
@ -204,16 +188,36 @@ func roleRevokePermissionCommandFunc(cmd *cobra.Command, args []string) {
 		ExitWithError(ExitBadArgs, fmt.Errorf("role revoke-permission command requires role name and key [endkey] as its argument."))
 	}

-	rangeEnd := ""
-	if 3 <= len(args) {
-		rangeEnd = args[2]
-	} else if permFromKey {
-		rangeEnd = "\x00"
+	rangeEnd, rerr := rangeEndFromPermFlags(args[1:])
+	if rerr != nil {
+		ExitWithError(ExitBadArgs, rerr)
 	}
-
 	resp, err := mustClientFromCmd(cmd).Auth.RoleRevokePermission(context.TODO(), args[0], args[1], rangeEnd)
 	if err != nil {
 		ExitWithError(ExitError, err)
 	}
 	display.RoleRevokePermission(args[0], args[1], rangeEnd, *resp)
 }
+
+func rangeEndFromPermFlags(args []string) (string, error) {
+	if len(args) == 1 {
+		if rolePermPrefix {
+			if rolePermFromKey {
+				return "", fmt.Errorf("--from-key and --prefix flags are mutually exclusive")
+			}
+			return clientv3.GetPrefixRangeEnd(args[0]), nil
+		}
+		if rolePermFromKey {
+			return "\x00", nil
+		}
+		// single key case
+		return "", nil
+	}
+	if rolePermPrefix {
+		return "", fmt.Errorf("unexpected endkey argument with --prefix flag")
+	}
+	if rolePermFromKey {
+		return "", fmt.Errorf("unexpected endkey argument with --from-key flag")
+	}
+	return args[1], nil
+}