package steward
import (
"strings"
)
// authParser carries the state needed to expand the ACL entries of one host
// (a single node or a node group) from the main schema into the generated
// schema.
type authParser struct {
	// currentHost is the node or node-group name whose ACL entries are parsed.
	currentHost Node
	// accessLists gives access to the ACL map that is read (schemaMain) and
	// the expanded map that is written (schemaGenerated).
	accessLists *accessLists
	//ACLsToConvert map[node]map[node]map[command]struct{}
}
// newAuthParser builds an authParser for host n that reads from and writes to
// the given accessLists. The pointer is stored as passed; nothing is copied
// or validated here.
func newAuthParser(n Node, accessLists *accessLists) *authParser {
	//ACLsToConvert: make(map[node]map[node]map[command]struct{}),
	return &authParser{
		currentHost: n,
		accessLists: accessLists,
	}
}
// parseFn is one step of the parser's state machine: calling it performs the
// work for the current state and returns the next step, or nil once the
// current host has been fully handled.
type parseFn func() parseFn
// parse handles a single host or a single host group by running the state
// functions until one of them returns nil.
func (a *authParser) parse() {
	// The first state is chosen by hostGroupOrSingle; each state then returns
	// its successor, and a nil successor ends the run.
	step := a.hostGroupOrSingle()
	for step = step(); step != nil; step = step() {
	}
}
// hostGroupOrSingle picks the state function for the current host: names that
// start with "grp_nodes_" are treated as node groups, everything else as a
// single node.
//
// The decision is made on the name prefix alone.
// NOTE(review): a real node whose name starts with "grp_nodes_" would be
// expanded as a group rather than given its own ACL entry; confirm that node
// names are validated against this prefix where they are registered.
func (a *authParser) hostGroupOrSingle() parseFn {
	if name := string(a.currentHost); strings.HasPrefix(name, "grp_nodes_") {
		return a.hostIsGroup
	}
	return a.hostIsNotGroup
}
// hostIsGroup expands the ACL entries defined for the current host group into
// per-node entries in schemaGenerated.ACLsToConvert, keyed as
// host node -> source node -> command.
//
// Every member returned by nodeAsSlice for the group receives every expanded
// source node and command found under the group's entry in schemaMain.ACLMap,
// so the map written here is the effective allow-list for those nodes.
//
// NOTE(review): the maps are written without any locking in this method;
// presumably the caller holds whatever lock guards accessLists (confirm).
// NOTE(review): ACLsToConvert itself must already be a non-nil map, since
// assigning into a nil map panics.
//
// It always returns nil, which ends parse for this host.
func (a *authParser) hostIsGroup() parseFn {
	// Member nodes of the group being parsed.
	members := a.accessLists.nodeAsSlice(a.currentHost)

	for from, allowed := range a.accessLists.schemaMain.ACLMap[a.currentHost] {
		for cmd, marker := range allowed {
			// presumably expands a command group into its individual commands
			// (verify against commandAsSlice).
			cmds := a.accessLists.commandAsSlice(cmd)

			// Expand a source group so that the generated ACL only contains
			// real source node names.
			fromNodes := a.accessLists.nodeAsSlice(from)

			for _, fromNode := range fromNodes {
				for _, member := range members {
					for _, c := range cmds {
						acls := a.accessLists.schemaGenerated.ACLsToConvert

						// Create the intermediate maps lazily, only when
						// there is an entry to store.
						bySource := acls[member]
						if bySource == nil {
							bySource = make(map[Node]map[command]struct{})
							acls[member] = bySource
						}

						granted := bySource[fromNode]
						if granted == nil {
							granted = make(map[command]struct{})
							bySource[fromNode] = granted
						}

						granted[c] = marker
					}
				}
			}
		}
	}

	// Nothing more to do for this host; nil stops the loop in parse.
	return nil
}
// hostIsNotGroup expands the ACL entries defined for the current single node
// into schemaGenerated.ACLsToConvert, keyed as
// host node -> source node -> command.
//
// The logic mirrors hostIsGroup with exactly one target host, so a change to
// how sources or commands are expanded has to be made in both methods to keep
// group and single-node ACLs consistent.
//
// NOTE(review): the maps are written without any locking in this method;
// presumably the caller holds whatever lock guards accessLists (confirm).
// NOTE(review): ACLsToConvert itself must already be a non-nil map, since
// assigning into a nil map panics.
//
// It always returns nil, which ends parse for this host.
func (a *authParser) hostIsNotGroup() parseFn {
	target := a.currentHost

	for from, allowed := range a.accessLists.schemaMain.ACLMap[a.currentHost] {
		for cmd, marker := range allowed {
			// presumably expands a command group into its individual commands
			// (verify against commandAsSlice).
			cmds := a.accessLists.commandAsSlice(cmd)

			// Expand a source group so that the generated ACL only contains
			// real source node names.
			fromNodes := a.accessLists.nodeAsSlice(from)

			for _, fromNode := range fromNodes {
				for _, c := range cmds {
					acls := a.accessLists.schemaGenerated.ACLsToConvert

					// Create the intermediate maps lazily, only when there
					// is an entry to store.
					bySource := acls[target]
					if bySource == nil {
						bySource = make(map[Node]map[command]struct{})
						acls[target] = bySource
					}

					granted := bySource[fromNode]
					if granted == nil {
						granted = make(map[command]struct{})
						bySource[fromNode] = granted
					}

					granted[c] = marker
				}
			}
		}
	}

	// Nothing more to do for this host; nil stops the loop in parse.
	return nil
}