  • auth.go


    package clientv3

    import (
        "fmt"
        "strings"

        "github.com/coreos/etcd/auth/authpb"
        pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
        "golang.org/x/net/context"
        "google.golang.org/grpc"
    )

    // Response and permission types exposed by this package. Each one is a named
    // type whose underlying type is the generated protobuf message (or enum) of
    // the same name; the methods in this file produce them by converting the
    // pointer returned from the RPC stub.
    type (
        AuthEnableResponse               pb.AuthEnableResponse
        AuthDisableResponse              pb.AuthDisableResponse
        AuthenticateResponse             pb.AuthenticateResponse
        AuthUserAddResponse              pb.AuthUserAddResponse
        AuthUserDeleteResponse           pb.AuthUserDeleteResponse
        AuthUserChangePasswordResponse   pb.AuthUserChangePasswordResponse
        AuthUserGrantRoleResponse        pb.AuthUserGrantRoleResponse
        AuthUserGetResponse              pb.AuthUserGetResponse
        AuthUserRevokeRoleResponse       pb.AuthUserRevokeRoleResponse
        AuthRoleAddResponse              pb.AuthRoleAddResponse
        AuthRoleGrantPermissionResponse  pb.AuthRoleGrantPermissionResponse
        AuthRoleGetResponse              pb.AuthRoleGetResponse
        AuthRoleRevokePermissionResponse pb.AuthRoleRevokePermissionResponse
        AuthRoleDeleteResponse           pb.AuthRoleDeleteResponse
        AuthUserListResponse             pb.AuthUserListResponse
        AuthRoleListResponse             pb.AuthRoleListResponse

        // PermissionType is the kind of access a permission grants; it is
        // converted back to authpb.Permission_Type in RoleGrantPermission.
        PermissionType authpb.Permission_Type
        // Permission mirrors the authpb.Permission message.
        Permission     authpb.Permission
    )

    // Permission kinds re-exported from authpb so callers need not import it.
    // When granting, pick the narrowest kind the role actually needs.
    const (
        PermRead      = authpb.READ
        PermWrite     = authpb.WRITE
        PermReadWrite = authpb.READWRITE
    )

    // Auth is the client-side API for etcd authentication and authorization:
    // switching auth on and off, and managing users, roles, and the key-range
    // permissions attached to roles. Every method takes a context and returns
    // the typed response together with an error.
    type Auth interface {
        // AuthEnable enables auth of an etcd cluster.
        // NOTE(review): any prerequisites (for example an existing admin user)
        // are enforced by the server, not by this client — confirm before use.
        AuthEnable(ctx context.Context) (*AuthEnableResponse, error)

        // AuthDisable disables auth of an etcd cluster.
        // NOTE(review): presumably this turns off access control cluster-wide;
        // treat the ability to call it as highly privileged — confirm.
        AuthDisable(ctx context.Context) (*AuthDisableResponse, error)

        // UserAdd adds a new user to an etcd cluster.
        // The implementation in this file forwards password unchanged in the
        // request, so its confidentiality depends on the connection's transport
        // security.
        UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error)

        // UserDelete deletes a user from an etcd cluster.
        UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error)

        // UserChangePassword changes a password of a user.
        // As with UserAdd, the new password is forwarded unchanged in the
        // request message.
        UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error)

        // UserGrantRole grants a role to a user.
        UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error)

        // UserGet gets a detailed information of a user.
        UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error)

        // UserList gets a list of all users.
        UserList(ctx context.Context) (*AuthUserListResponse, error)

        // UserRevokeRole revokes a role of a user.
        UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error)

        // RoleAdd adds a new role to an etcd cluster.
        RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error)

        // RoleGrantPermission grants a permission to a role.
        // The permission covers the keys described by key and rangeEnd with
        // the access kind permType. Both bounds are forwarded as given; how the
        // server interprets an empty rangeEnd is not visible here — verify, and
        // keep the range as narrow as the role requires.
        RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error)

        // RoleGet gets a detailed information of a role.
        RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error)

        // RoleList gets a list of all roles.
        // The list covers all roles in the cluster.
        RoleList(ctx context.Context) (*AuthRoleListResponse, error)

        // RoleRevokePermission revokes a permission from a role.
        // It is the inverse operation of RoleGrantPermission.
        RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error)

        // RoleDelete deletes a role.
        RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error)
    }
    // auth is the Auth implementation returned by NewAuth. It keeps the owning
    // client, the gRPC connection in use, and the generated AuthClient stub that
    // every method in this file calls through.
    type auth struct {
        c *Client
        conn   *grpc.ClientConn // conn in-use
        remote pb.AuthClient
    }
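    // NewAuth creates an Auth bound to the client's active gRPC connection.
    //
    // The active connection is read once and used for both the stored conn and
    // the AuthClient stub, so the two fields always describe the same
    // connection even if the client's active connection changes between calls.
    func NewAuth(c *Client) Auth {
        conn := c.ActiveConnection()
        return &auth{
            c:      c,
            conn:   conn,
            remote: pb.NewAuthClient(conn),
        }
    }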
    // AuthEnable sends an AuthEnable RPC with an empty request. The call is
    // made with grpc.FailFast(false); the stub's error is passed through toErr
    // before being returned.
    func (a *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
        req := &pb.AuthEnableRequest{}
        reply, rpcErr := a.remote.AuthEnable(ctx, req, grpc.FailFast(false))
        return (*AuthEnableResponse)(reply), toErr(ctx, rpcErr)
    }

    // AuthDisable sends an AuthDisable RPC with an empty request, using
    // grpc.FailFast(false), and returns the converted response plus the error
    // mapped by toErr.
    func (a *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {
        req := &pb.AuthDisableRequest{}
        reply, rpcErr := a.remote.AuthDisable(ctx, req, grpc.FailFast(false))
        return (*AuthDisableResponse)(reply), toErr(ctx, rpcErr)
    }

    // UserAdd asks the server to create user name with the given password.
    //
    // The password is copied into the request message exactly as supplied; this
    // function applies no hashing or encryption of its own, so protection in
    // transit comes only from the underlying connection. No call options are
    // passed for this RPC.
    func (a *auth) UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error) {
        req := &pb.AuthUserAddRequest{
            Name:     name,
            Password: password,
        }
        reply, rpcErr := a.remote.UserAdd(ctx, req)
        return (*AuthUserAddResponse)(reply), toErr(ctx, rpcErr)
    }

    // UserDelete asks the server to delete the user called name and returns the
    // converted response plus the error mapped by toErr.
    func (a *auth) UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error) {
        req := &pb.AuthUserDeleteRequest{Name: name}
        reply, rpcErr := a.remote.UserDelete(ctx, req)
        return (*AuthUserDeleteResponse)(reply), toErr(ctx, rpcErr)
    }

    // UserChangePassword asks the server to set a new password for user name.
    //
    // The new password is placed in the request message unchanged; as with
    // UserAdd, nothing in this function protects it beyond what the connection
    // itself provides.
    func (a *auth) UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error) {
        req := &pb.AuthUserChangePasswordRequest{
            Name:     name,
            Password: password,
        }
        reply, rpcErr := a.remote.UserChangePassword(ctx, req)
        return (*AuthUserChangePasswordResponse)(reply), toErr(ctx, rpcErr)
    }

    // UserGrantRole asks the server to attach role to user. Both names are
    // forwarded as given; whether they exist is decided by the server.
    func (a *auth) UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error) {
        req := &pb.AuthUserGrantRoleRequest{
            User: user,
            Role: role,
        }
        reply, rpcErr := a.remote.UserGrantRole(ctx, req)
        return (*AuthUserGrantRoleResponse)(reply), toErr(ctx, rpcErr)
    }

    // UserGet fetches the details of user name. The RPC is issued with
    // grpc.FailFast(false).
    func (a *auth) UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error) {
        req := &pb.AuthUserGetRequest{Name: name}
        reply, rpcErr := a.remote.UserGet(ctx, req, grpc.FailFast(false))
        return (*AuthUserGetResponse)(reply), toErr(ctx, rpcErr)
    }

    // UserList fetches the list of users with an empty request, issued with
    // grpc.FailFast(false).
    func (a *auth) UserList(ctx context.Context) (*AuthUserListResponse, error) {
        req := &pb.AuthUserListRequest{}
        reply, rpcErr := a.remote.UserList(ctx, req, grpc.FailFast(false))
        return (*AuthUserListResponse)(reply), toErr(ctx, rpcErr)
    }

    // UserRevokeRole asks the server to detach role from the user called name.
    func (a *auth) UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error) {
        req := &pb.AuthUserRevokeRoleRequest{
            Name: name,
            Role: role,
        }
        reply, rpcErr := a.remote.UserRevokeRole(ctx, req)
        return (*AuthUserRevokeRoleResponse)(reply), toErr(ctx, rpcErr)
    }

    // RoleAdd asks the server to create a role called name. The new role
    // carries no permissions from this call; those are added separately with
    // RoleGrantPermission.
    func (a *auth) RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error) {
        req := &pb.AuthRoleAddRequest{Name: name}
        reply, rpcErr := a.remote.RoleAdd(ctx, req)
        return (*AuthRoleAddResponse)(reply), toErr(ctx, rpcErr)
    }

    // RoleGrantPermission asks the server to add a permission to role name.
    //
    // key and rangeEnd are converted to bytes and permType to the authpb enum
    // without any client-side validation, so an out-of-range permType (such as
    // the PermissionType(-1) that StrToPermissionType returns alongside an
    // error) would be forwarded as-is. Callers should check that error first and
    // keep the key range as narrow as the role needs.
    func (a *auth) RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error) {
        req := &pb.AuthRoleGrantPermissionRequest{
            Name: name,
            Perm: &authpb.Permission{
                Key:      []byte(key),
                RangeEnd: []byte(rangeEnd),
                PermType: authpb.Permission_Type(permType),
            },
        }
        reply, rpcErr := a.remote.RoleGrantPermission(ctx, req)
        return (*AuthRoleGrantPermissionResponse)(reply), toErr(ctx, rpcErr)
    }

    // RoleGet fetches the details of role. The RPC is issued with
    // grpc.FailFast(false).
    func (a *auth) RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error) {
        req := &pb.AuthRoleGetRequest{Role: role}
        reply, rpcErr := a.remote.RoleGet(ctx, req, grpc.FailFast(false))
        return (*AuthRoleGetResponse)(reply), toErr(ctx, rpcErr)
    }

    // RoleList fetches the list of roles with an empty request, issued with
    // grpc.FailFast(false).
    func (a *auth) RoleList(ctx context.Context) (*AuthRoleListResponse, error) {
        req := &pb.AuthRoleListRequest{}
        reply, rpcErr := a.remote.RoleList(ctx, req, grpc.FailFast(false))
        return (*AuthRoleListResponse)(reply), toErr(ctx, rpcErr)
    }

    // RoleRevokePermission asks the server to remove from role the permission
    // identified by key and rangeEnd. Both bounds are forwarded as given.
    func (a *auth) RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error) {
        req := &pb.AuthRoleRevokePermissionRequest{
            Role:     role,
            Key:      key,
            RangeEnd: rangeEnd,
        }
        reply, rpcErr := a.remote.RoleRevokePermission(ctx, req)
        return (*AuthRoleRevokePermissionResponse)(reply), toErr(ctx, rpcErr)
    }

    // RoleDelete asks the server to delete role and returns the converted
    // response plus the error mapped by toErr.
    func (a *auth) RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error) {
        req := &pb.AuthRoleDeleteRequest{Role: role}
        reply, rpcErr := a.remote.RoleDelete(ctx, req)
        return (*AuthRoleDeleteResponse)(reply), toErr(ctx, rpcErr)
    }

    // StrToPermissionType maps a permission name to its PermissionType.
    //
    // The name is upper-cased before it is looked up in
    // authpb.Permission_Type_value, so matching is case-insensitive. An unknown
    // name yields PermissionType(-1) together with an error; callers must check
    // the error and never pass the returned value on when it is non-nil.
    func StrToPermissionType(s string) (PermissionType, error) {
        upper := strings.ToUpper(s)
        if code, found := authpb.Permission_Type_value[upper]; found {
            return PermissionType(code), nil
        }
        return PermissionType(-1), fmt.Errorf("invalid permission type: %s", s)
    }

    // authenticator holds a dedicated gRPC connection and the AuthClient stub
    // built on it; it is created by newAuthenticator and used by authenticate
    // to send a user name and password to the server.
    type authenticator struct {
        conn   *grpc.ClientConn // conn in-use
        remote pb.AuthClient
    }

    // authenticate sends name and password to the server in an Authenticate
    // RPC, issued with grpc.FailFast(false).
    //
    // The password travels in the request message unchanged, so it is only as
    // confidential as the connection that newAuthenticator dialed.
    func (a *authenticator) authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {
        req := &pb.AuthenticateRequest{
            Name:     name,
            Password: password,
        }
        reply, rpcErr := a.remote.Authenticate(ctx, req, grpc.FailFast(false))
        return (*AuthenticateResponse)(reply), toErr(ctx, rpcErr)
    }

    // close shuts down the authenticator's connection. The error returned by
    // Close is discarded.
    func (a *authenticator) close() {
        _ = a.conn.Close()
    }

    // newAuthenticator dials endpoint with opts and wraps the resulting
    // connection in an authenticator.
    //
    // Transport security is determined entirely by opts; nothing here adds or
    // checks for TLS credentials. Because authenticate sends the password over
    // this connection, callers should supply transport credentials in opts.
    // NOTE(review): confirm that no caller dials with an insecure option such as
    // grpc.WithInsecure outside of tests.
    func newAuthenticator(endpoint string, opts []grpc.DialOption) (*authenticator, error) {
        cc, dialErr := grpc.Dial(endpoint, opts...)
        if dialErr != nil {
            return nil, dialErr
        }

        au := &authenticator{conn: cc}
        au.remote = pb.NewAuthClient(cc)
        return au, nil
    }

  • 原文地址:https://www.cnblogs.com/zhangboyu/p/7452649.html