Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7958 from heyitsanthony/perm-prefix

Browse Source 
etcdctl: improve role --prefix flag
This commit is contained in:
Anthony Romano 2017-05-22 12:19:16 -07:00 committed by GitHub
commit f75e333264
2 changed files with 53 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
etcdctl/README.md
View File

@ -961,25 +961,42 @@ RPC: RoleGrantPermission
#### Options #### Options
- from-key -- grant a permission of keys that are greater than or equal to the given key using byte compare
- prefix -- grant a prefix permission - prefix -- grant a prefix permission
#### Ouptut #### Output
`Role <role name> updated`. `Role <role name> updated`.
#### Examples #### Examples
Grant read and write permission on the key `foo` to role `myrole`:
```bash ```bash
./etcdctl --user=root:123 role grant-permission myrole readwrite foo ./etcdctl --user=root:123 role grant-permission myrole readwrite foo
# Role myrole updated # Role myrole updated
``` ```
Grant read permission on the wildcard key pattern `foo/*` to role `myrole`:
```bash
./etcdctl --user=root:123 role grant-permission --prefix myrole readwrite foo/
# Role myrole updated
```
### ROLE REVOKE-PERMISSION \<role name\> \<permission type\> \<key\> [endkey] ### ROLE REVOKE-PERMISSION \<role name\> \<permission type\> \<key\> [endkey]
`role revoke-permission` revokes a key from a role. `role revoke-permission` revokes a key from a role.
RPC: RoleRevokePermission RPC: RoleRevokePermission
#### Options
- from-key -- revoke a permission of keys that are greater than or equal to the given key using byte compare
- prefix -- revoke a prefix permission
#### Output #### Output
`Permission of key <key> is revoked from role <role name>` for single key. `Permission of range [<key>, <endkey>) is revoked from role <role name>` for a key range. Exit code is zero. `Permission of key <key> is revoked from role <role name>` for single key. `Permission of range [<key>, <endkey>) is revoked from role <role name>` for a key range. Exit code is zero.

66
etcdctl/ctlv3/command/role_command.go
View File

@ -23,8 +23,8 @@ import (
) )
var ( var (
grantPermissionPrefix bool rolePermPrefix bool
permFromKey bool rolePermFromKey bool
) )
// NewRoleCommand returns the cobra command for "role". // NewRoleCommand returns the cobra command for "role".
@ -83,8 +83,8 @@ func newRoleGrantPermissionCommand() *cobra.Command {
Run: roleGrantPermissionCommandFunc, Run: roleGrantPermissionCommandFunc,
} }
cmd.Flags().BoolVar(&grantPermissionPrefix, "prefix", false, "grant a prefix permission") cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "grant a prefix permission")
cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare") cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
return cmd return cmd
} }
@ -96,7 +96,8 @@ func newRoleRevokePermissionCommand() *cobra.Command {
Run: roleRevokePermissionCommandFunc, Run: roleRevokePermissionCommandFunc,
} }
cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare") cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "revoke a prefix permission")
cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "revoke a permission of keys that are greater than or equal to the given key using byte compare")
return cmd return cmd
} }
@ -169,27 +170,10 @@ func roleGrantPermissionCommandFunc(cmd *cobra.Command, args []string) {
ExitWithError(ExitBadArgs, err) ExitWithError(ExitBadArgs, err)
} }
rangeEnd := "" rangeEnd, rerr := rangeEndFromPermFlags(args[2:])
if 4 <= len(args) { if rerr != nil {
if grantPermissionPrefix { ExitWithError(ExitBadArgs, rerr)
ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --prefix option and range end to grant permission command"))
} }
if permFromKey {
ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and range end to grant permission command"))
}
rangeEnd = args[3]
} else if grantPermissionPrefix {
if permFromKey {
ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and --prefix option to grant permission command"))
}
rangeEnd = clientv3.GetPrefixRangeEnd(args[2])
} else if permFromKey {
rangeEnd = "\x00"
}
resp, err := mustClientFromCmd(cmd).Auth.RoleGrantPermission(context.TODO(), args[0], args[2], rangeEnd, perm) resp, err := mustClientFromCmd(cmd).Auth.RoleGrantPermission(context.TODO(), args[0], args[2], rangeEnd, perm)
if err != nil { if err != nil {
ExitWithError(ExitError, err) ExitWithError(ExitError, err)
@ -204,16 +188,36 @@ func roleRevokePermissionCommandFunc(cmd *cobra.Command, args []string) {
ExitWithError(ExitBadArgs, fmt.Errorf("role revoke-permission command requires role name and key [endkey] as its argument.")) ExitWithError(ExitBadArgs, fmt.Errorf("role revoke-permission command requires role name and key [endkey] as its argument."))
} }
rangeEnd := "" rangeEnd, rerr := rangeEndFromPermFlags(args[1:])
if 3 <= len(args) { if rerr != nil {
rangeEnd = args[2] ExitWithError(ExitBadArgs, rerr)
} else if permFromKey {
rangeEnd = "\x00"
} }
resp, err := mustClientFromCmd(cmd).Auth.RoleRevokePermission(context.TODO(), args[0], args[1], rangeEnd) resp, err := mustClientFromCmd(cmd).Auth.RoleRevokePermission(context.TODO(), args[0], args[1], rangeEnd)
if err != nil { if err != nil {
ExitWithError(ExitError, err) ExitWithError(ExitError, err)
} }
display.RoleRevokePermission(args[0], args[1], rangeEnd, *resp) display.RoleRevokePermission(args[0], args[1], rangeEnd, *resp)
} }
func rangeEndFromPermFlags(args []string) (string, error) {
if len(args) == 1 {
if rolePermPrefix {
if rolePermFromKey {
return "", fmt.Errorf("--from-key and --prefix flags are mutually exclusive")
}
return clientv3.GetPrefixRangeEnd(args[0]), nil
}
if rolePermFromKey {
return "\x00", nil
}
// single key case
return "", nil
}
if rolePermPrefix {
return "", fmt.Errorf("unexpected endkey argument with --prefix flag")
}
if rolePermFromKey {
return "", fmt.Errorf("unexpected endkey argument with --from-key flag")
}
return args[1], nil
}