mirror of https://github.com/postmannen/ctrl.git synced 2025-01-18 13:49:29 +00:00
ctrl/central_auth_parser.go

package steward
import (
"strings"
)
// authParser carries the state used while expanding the ACL entries of one
// host into the generated schema. The expanded entries are not kept on the
// parser itself; they are written to accessLists.schemaGenerated.ACLsToConvert.
type authParser struct {
	// currentHost is the host being parsed: a single node, a node group
	// (name prefixed with "grp_nodes_"), or the "*" wildcard.
	currentHost Node
	// accessLists is the shared ACL state the parser reads from and writes to.
	accessLists *accessLists
}
// newAuthParser builds an authParser for host n that operates on the given
// accessLists. The accessLists pointer is stored as-is, not copied, so the
// parser mutates the caller's ACL state.
func newAuthParser(n Node, accessLists *accessLists) *authParser {
	return &authParser{
		currentHost: n,
		accessLists: accessLists,
	}
}
// parseFn is one step of the parser's state machine. Each step does its work
// and returns the next step to run, or nil when parsing of the host is done.
type parseFn func() parseFn
// parse processes the parser's current host, which is either a single node or
// a host group. It starts with the state chosen by hostGroupOrSingle and keeps
// running the returned states until one of them returns nil.
func (a *authParser) parse() {
	// hostGroupOrSingle always hands back one of the two handler methods, so
	// the first state is never nil.
	for state := a.hostGroupOrSingle(); state != nil; {
		state = state()
	}
}
// hostGroupOrSingle picks the handler for the current host. A host is treated
// as a group when its name starts with "grp_nodes_" or when it is the "*"
// wildcard; anything else is handled as a single node.
//
// NOTE(review): the decision is made on the name alone. Confirm that node
// names are validated elsewhere so an ordinary node cannot be registered with
// the "grp_nodes_" prefix and be expanded as a group.
func (a *authParser) hostGroupOrSingle() parseFn {
	isGroup := a.currentHost == "*" ||
		strings.HasPrefix(string(a.currentHost), "grp_nodes_")
	if isGroup {
		return a.hostIsGroup
	}
	return a.hostIsNotGroup
}
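// hostIsGroup handles a current host that is a node group or the "*"
// wildcard. The group is expanded with nodeAsSlice, and the ACL entries
// defined for the group in schemaMain.ACLMap are written for every host in
// the expansion.
//
// It always returns nil, which ends the parse loop for this host so the
// caller can move on to the next one.
func (a *authParser) hostIsGroup() parseFn {
	a.expandACLs(a.accessLists.nodeAsSlice(a.currentHost))
	return nil
}

// hostIsNotGroup handles a current host that is a single node. The ACL
// entries defined for the node in schemaMain.ACLMap are written for that
// node only.
//
// It always returns nil, which ends the parse loop for this host so the
// caller can move on to the next one.
func (a *authParser) hostIsNotGroup() parseFn {
	a.expandACLs([]Node{a.currentHost})
	return nil
}

// expandACLs copies the ACL entries that schemaMain.ACLMap holds for the
// current host into schemaGenerated.ACLsToConvert, once for each host in
// hosts. Source nodes and commands are passed through nodeAsSlice and
// commandAsSlice first, so that any groups are expanded and the generated
// ACL is keyed by the names those helpers return.
//
// NOTE(review): this writes to shared ACL state and takes no lock itself;
// confirm the caller serializes access to accessLists.
// NOTE(review): assumes schemaGenerated.ACLsToConvert has been initialized;
// writing to a nil map would panic on the first entry. Verify against caller.
func (a *authParser) expandACLs(hosts []Node) {
	for source, cmdMap := range a.accessLists.schemaMain.ACLMap[a.currentHost] {
		for cmd, marker := range cmdMap {
			cmdSlice := a.accessLists.commandAsSlice(cmd)

			// Expand eventual groups, so we use real fromNode node names in
			// the ACL for nodes.
			sourceNodes := a.accessLists.nodeAsSlice(source)

			generated := a.accessLists.schemaGenerated.ACLsToConvert

			for _, sourceNode := range sourceNodes {
				for _, host := range hosts {
					// Create the nested maps on first use.
					bySource := generated[host]
					if bySource == nil {
						bySource = make(map[Node]map[command]struct{})
						generated[host] = bySource
					}

					allowed := bySource[sourceNode]
					if allowed == nil {
						allowed = make(map[command]struct{})
						bySource[sourceNode] = allowed
					}

					for _, cm := range cmdSlice {
						allowed[cm] = marker
					}
				}
			}
		}
	}
}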