auth.go

時間 2019-11-26

標籤 auth.go auth 简体版

原文原文鏈接

package clientv3

import (

    "fmt"

    "strings"

    "github.com/coreos/etcd/auth/authpb"

    pb "github.com/coreos/etcd/etcdserver/etcdserverpb"

    "golang.org/x/net/context"

    "google.golang.org/grpc"

type (

    AuthEnableResponse               pb.AuthEnableResponse

    AuthDisableResponse              pb.AuthDisableResponse

    AuthenticateResponse             pb.AuthenticateResponse

    AuthUserAddResponse              pb.AuthUserAddResponse

    AuthUserDeleteResponse           pb.AuthUserDeleteResponse

    AuthUserChangePasswordResponse   pb.AuthUserChangePasswordResponse

    AuthUserGrantRoleResponse        pb.AuthUserGrantRoleResponse

    AuthUserGetResponse              pb.AuthUserGetResponse

    AuthUserRevokeRoleResponse       pb.AuthUserRevokeRoleResponse

    AuthRoleAddResponse              pb.AuthRoleAddResponse

    AuthRoleGrantPermissionResponse  pb.AuthRoleGrantPermissionResponse

    AuthRoleGetResponse              pb.AuthRoleGetResponse

    AuthRoleRevokePermissionResponse pb.AuthRoleRevokePermissionResponse

    AuthRoleDeleteResponse           pb.AuthRoleDeleteResponse

    AuthUserListResponse             pb.AuthUserListResponse

    AuthRoleListResponse             pb.AuthRoleListResponse

    PermissionType authpb.Permission_Type

    Permission     authpb.Permission

const (

    PermRead      = authpb.READ

    PermWrite     = authpb.WRITE

    PermReadWrite = authpb.READWRITE

type Auth interface {

    // AuthEnable enables auth of an etcd cluster.

       //開啓受權在 etcd集羣中

    AuthEnable(ctx context.Context) (*AuthEnableResponse, error)

    // AuthDisable disables auth of an etcd cluster.

//關閉受權 在集羣中

    AuthDisable(ctx context.Context) (*AuthDisableResponse, error)

    // UserAdd adds a new user to an etcd cluster.

//添加一個用戶到集羣中

    UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error)

    // UserDelete deletes a user from an etcd cluster.

//在集羣中刪除一個用戶

    UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error)

    // UserChangePassword changes a password of a user.

//改變集羣中一個用戶密碼

    UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error)

    // UserGrantRole grants a role to a user.

//受權一個角色給一個用戶

    UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error)

    // UserGet gets a detailed information of a user.

//獲得一個用戶信息信息

    UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error)

    // UserList gets a list of all users.

    UserList(ctx context.Context) (*AuthUserListResponse, error)

    // UserRevokeRole revokes a role of a user.

//撤銷一個用戶的角色

    UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error)

    // RoleAdd adds a new role to an etcd cluster.

//在集羣中 添加一個角色

    RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error)

    // RoleGrantPermission grants a permission to a role.

//受權給一個角色的操做權限

    RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error)

    // RoleGet gets a detailed information of a role.

//獲取一個角色的詳細信息

    RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error)

    // RoleList gets a list of all roles.

//獲取集羣中 全部的角色列表

    RoleList(ctx context.Context) (*AuthRoleListResponse, error)

    // RoleRevokePermission revokes a permission from a role.

//撤銷一個角色對應的權限  與RoleGrantPermission  相反的操做

    RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error)

    // RoleDelete deletes a role.

//刪除一個角色

    RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error)

//受權結構體

type auth struct {

    c *Client

    conn   *grpc.ClientConn // conn in-use

    remote pb.AuthClient

//新建一個受權對象

func NewAuth(c *Client) Auth {

    conn := c.ActiveConnection()

    return &auth{

        conn:   c.ActiveConnection(),

        remote: pb.NewAuthClient(conn),

        c:      c,

//

func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {

    resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{}, grpc.FailFast(false))

    return (*AuthEnableResponse)(resp), toErr(ctx, err)

func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {

    resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{}, grpc.FailFast(false))

    return (*AuthDisableResponse)(resp), toErr(ctx, err)

func (auth *auth) UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error) {

    resp, err := auth.remote.UserAdd(ctx, &pb.AuthUserAddRequest{Name: name, Password: password})

    return (*AuthUserAddResponse)(resp), toErr(ctx, err)

func (auth *auth) UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error) {

    resp, err := auth.remote.UserDelete(ctx, &pb.AuthUserDeleteRequest{Name: name})

    return (*AuthUserDeleteResponse)(resp), toErr(ctx, err)

func (auth *auth) UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error) {

    resp, err := auth.remote.UserChangePassword(ctx, &pb.AuthUserChangePasswordRequest{Name: name, Password: password})

    return (*AuthUserChangePasswordResponse)(resp), toErr(ctx, err)

func (auth *auth) UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error) {

    resp, err := auth.remote.UserGrantRole(ctx, &pb.AuthUserGrantRoleRequest{User: user, Role: role})

    return (*AuthUserGrantRoleResponse)(resp), toErr(ctx, err)

func (auth *auth) UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error) {

    resp, err := auth.remote.UserGet(ctx, &pb.AuthUserGetRequest{Name: name}, grpc.FailFast(false))

    return (*AuthUserGetResponse)(resp), toErr(ctx, err)

func (auth *auth) UserList(ctx context.Context) (*AuthUserListResponse, error) {

    resp, err := auth.remote.UserList(ctx, &pb.AuthUserListRequest{}, grpc.FailFast(false))

    return (*AuthUserListResponse)(resp), toErr(ctx, err)

func (auth *auth) UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error) {

    resp, err := auth.remote.UserRevokeRole(ctx, &pb.AuthUserRevokeRoleRequest{Name: name, Role: role})

    return (*AuthUserRevokeRoleResponse)(resp), toErr(ctx, err)

func (auth *auth) RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error) {

    resp, err := auth.remote.RoleAdd(ctx, &pb.AuthRoleAddRequest{Name: name})

    return (*AuthRoleAddResponse)(resp), toErr(ctx, err)

func (auth *auth) RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error) {

    perm := &authpb.Permission{

        Key:      []byte(key),

        RangeEnd: []byte(rangeEnd),

        PermType: authpb.Permission_Type(permType),

    resp, err := auth.remote.RoleGrantPermission(ctx, &pb.AuthRoleGrantPermissionRequest{Name: name, Perm: perm})

    return (*AuthRoleGrantPermissionResponse)(resp), toErr(ctx, err)

func (auth *auth) RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error) {

    resp, err := auth.remote.RoleGet(ctx, &pb.AuthRoleGetRequest{Role: role}, grpc.FailFast(false))

    return (*AuthRoleGetResponse)(resp), toErr(ctx, err)

func (auth *auth) RoleList(ctx context.Context) (*AuthRoleListResponse, error) {

    resp, err := auth.remote.RoleList(ctx, &pb.AuthRoleListRequest{}, grpc.FailFast(false))

    return (*AuthRoleListResponse)(resp), toErr(ctx, err)

func (auth *auth) RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error) {

    resp, err := auth.remote.RoleRevokePermission(ctx, &pb.AuthRoleRevokePermissionRequest{Role: role, Key: key, RangeEnd: rangeEnd})

    return (*AuthRoleRevokePermissionResponse)(resp), toErr(ctx, err)

func (auth *auth) RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error) {

    resp, err := auth.remote.RoleDelete(ctx, &pb.AuthRoleDeleteRequest{Role: role})

    return (*AuthRoleDeleteResponse)(resp), toErr(ctx, err)

func StrToPermissionType(s string) (PermissionType, error) {

    val, ok := authpb.Permission_Type_value[strings.ToUpper(s)]

    if ok {

        return PermissionType(val), nil

    return PermissionType(-1), fmt.Errorf("invalid permission type: %s", s)

type authenticator struct {

    conn   *grpc.ClientConn // conn in-use

    remote pb.AuthClient

func (auth *authenticator) authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {

    resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password}, grpc.FailFast(false))

    return (*AuthenticateResponse)(resp), toErr(ctx, err)

func (auth *authenticator) close() {

    auth.conn.Close()

func newAuthenticator(endpoint string, opts []grpc.DialOption) (*authenticator, error) {

    conn, err := grpc.Dial(endpoint, opts...)

    if err != nil {

        return nil, err

    return &authenticator{

        conn:   conn,

        remote: pb.NewAuthClient(conn),

    }, nil

相關標籤/搜索

auth.go

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。