diff --git a/doc/concept/auth/auth_parser.go b/doc/concept/auth/auth_parser.go
index 88771d6..2ac24ac 100644
--- a/doc/concept/auth/auth_parser.go
+++ b/doc/concept/auth/auth_parser.go
@@ -1,7 +1,6 @@
 package main
 import (
- "fmt"
 "strings"
 )
@@ -49,7 +48,7 @@ func (a *authParser) hostGroupOrSingle() parseFn {
 // hostIsGroup
 func (a *authParser) hostIsGroup() parseFn {
- fmt.Printf("%v is a grp type\n", a.currentHost)
+ // fmt.Printf("%v is a grp type\n", a.currentHost)
 hosts := a.authSchema.convToActualNodeSlice(a.currentHost)
@@ -78,14 +77,14 @@ func (a *authParser) hostIsGroup() parseFn {
 }
 }
- fmt.Printf(" * ACLsToConvert=%+v\n", a.authSchema.schemaGenerated.ACLsToConvert)
+ // fmt.Printf(" * ACLsToConvert=%+v\n", a.authSchema.schemaGenerated.ACLsToConvert)
 // Done with host. Return nil will make the main loop take the next host in the main for loop.
 return nil
 }
 // hostIsNotGroup
 func (a *authParser) hostIsNotGroup() parseFn {
- fmt.Printf("%v is a single node type\n", a.currentHost)
+ // fmt.Printf("%v is a single node type\n", a.currentHost)
 host := a.currentHost
@@ -112,7 +111,7 @@ func (a *authParser) hostIsNotGroup() parseFn {
 }
 }
- fmt.Printf(" * ACLsToConvert contains: %+v\n", a.authSchema.schemaGenerated.ACLsToConvert)
+ // fmt.Printf(" * ACLsToConvert contains: %+v\n", a.authSchema.schemaGenerated.ACLsToConvert)
 // Done with host. Return nil will make the main loop take the next host in the main for loop.
 return nil
diff --git a/doc/concept/auth/main.go b/doc/concept/auth/main.go
index b805747..447750d 100644
--- a/doc/concept/auth/main.go
+++ b/doc/concept/auth/main.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "crypto/sha256"
 "encoding/json"
 "fmt"
 "log"
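Review bot: In auth_parser.go the four debug prints in `hostIsGroup` and `hostIsNotGroup` (hunks `@@ -49`, `@@ -78` and `@@ -112`) are commented out rather than deleted, which leaves dead code behind, two lines of which would dump the whole `a.authSchema.schemaGenerated.ACLsToConvert` table to stdout if re-enabled. I would delete the four lines. If the trace is still wanted, it could go through the `log` package so it follows the `log.SetOutput(io.Discard)` switch the tests in this commit use, which would need `"log"` added to this file's import block. Both functions start or end outside the hunks shown.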
@@ -265,10 +266,25 @@ func (a *authSchema) generateJSONForAllNodes() error {
 os.Exit(1)
 }
+ hash := func() [32]byte {
+ sns := a.nodeMapToSlice(n)
+
+ js, err := json.Marshal(sns)
+ if err != nil {
+ err := fmt.Errorf("error: authSchema, json for hash: %v", err)
+ log.Printf("%v\n", err)
+ return [32]byte{}
+ }
+
+ hash := sha256.Sum256(js)
+ return hash
+ }()
+
 nd := NodeDataWithHash{
 Data: b,
 // TODO: Also add the hash here.
 // Hash: [32]byte,
+ Hash: hash,
 }
 a.schemaGenerated.NodeMap[n] = nd
@@ -294,26 +310,26 @@ type sourceCommands struct {
 // defined for each fromNode are sorted.
 // This function is used when creating the hash of the nodeMap since we can not
 // guarantee the order of a hash map, but we can with a slice.
-func (a *authSchema) nodeMapToSlice(n node) sourceNodes {
+func (a *authSchema) nodeMapToSlice(host node) sourceNodes {
 srcNodes := sourceNodes{
- Node: n,
+ Node: host,
 }
- for sn, commandMap := range a.schemaMain.ACLMap[n] {
- fnc := sourceCommands{
+ for sn, commandMap := range a.schemaGenerated.ACLsToConvert[host] {
+ srcC := sourceCommands{
 Source: sn,
 }
 for cmd := range commandMap {
- fnc.Commands = append(fnc.Commands, cmd)
+ srcC.Commands = append(srcC.Commands, cmd)
 }
 // sort.Strings(fnc.Commands)
- sort.SliceStable(fnc.Commands, func(i, j int) bool {
- return fnc.Commands[i] < fnc.Commands[j]
+ sort.SliceStable(srcC.Commands, func(i, j int) bool {
+ return srcC.Commands[i] < srcC.Commands[j]
 })
- srcNodes.SourceCommands = append(srcNodes.SourceCommands, fnc)
+ srcNodes.SourceCommands = append(srcNodes.SourceCommands, srcC)
 }
 sort.SliceStable(srcNodes.SourceCommands, func(i, j int) bool {
diff --git a/doc/concept/auth/main_test.go b/doc/concept/auth/main_test.go
index 0676e5a..77d1ed6 100644
--- a/doc/concept/auth/main_test.go
+++ b/doc/concept/auth/main_test.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "bytes"
 "encoding/json"
 "flag"
 "fmt"
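Review bot: When `json.Marshal(sns)` fails, the closure in `generateJSONForAllNodes` only logs and returns `[32]byte{}`, and that all-zero value is then stored as `Hash` in `NodeDataWithHash` beside valid `Data`, so a consumer cannot tell a failed hash from a real one. The function already returns `error`, so the failure can be returned instead of published, and inlining the closure also removes the shadowed `err` and `hash`. The `// TODO: Also add the hash here.` and `// Hash: [32]byte,` comments are stale now that the field is set and can be dropped. The hash covers the `nodeMapToSlice(n)` encoding rather than `b`; how `b` is built is outside the hunk, so a comment on the `Hash` field should state which bytes it covers. The function body starts and ends outside the hunk.

```go
// … unchanged: marshalling of b and its error handling …
js, err := json.Marshal(a.nodeMapToSlice(n))
if err != nil {
	return fmt.Errorf("authSchema: json for hash of node %v: %w", n, err)
}

nd := NodeDataWithHash{
	Data: b,
	Hash: sha256.Sum256(js),
}
```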
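Review bot: The doc comment above `nodeMapToSlice` still says the slice is used for hashing "the nodeMap", while the body now ranges over `a.schemaGenerated.ACLsToConvert[host]`. This slice is the exact input to the per-node SHA-256, so the comment should name its source, for example `// The slice is built from schemaGenerated.ACLsToConvert[host] and is the input to the per-node hash.` The leftover `// sort.Strings(fnc.Commands)` refers to `fnc`, which no longer exists after this hunk, and can be deleted. The start of the comment and the end of the function are outside the hunk.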
@@ -227,3 +228,23 @@ func TestSchemaMainACLMap(t *testing.T) {
 }
 // --- TESTS ---
 }
+
+func TestHash(t *testing.T) {
+ if !*logging {
+ log.SetOutput(io.Discard)
+ }
+
+ c := newCentralAuth()
+
+ c.authorization.authSchema.aclAdd("ship101", "admin", "HORSE")
+
+ c.authorization.authSchema.groupNodesAddNode("grp_nodes_ships", "ship101")
+ c.authorization.authSchema.aclAdd("grp_nodes_ships", "admin", "HEN")
+
+ hash := [32]uint8{0xe6, 0xe9, 0xf3, 0x25, 0x36, 0x48, 0x53, 0x4, 0xb4, 0x9a, 0xfd, 0x7f, 0x53, 0x85, 0x4c, 0x95, 0x62, 0xa9, 0x49, 0x23, 0x25, 0x1c, 0xee, 0xc5, 0x3b, 0xf5, 0xd5, 0x3, 0xf7, 0x9e, 0xb7, 0x3c}
+ value := c.authorization.authSchema.schemaGenerated.NodeMap["ship101"].Hash
+
+ if bytes.Equal(hash[:], value[:]) == false {
+ t.Fatalf(" \U0001F631 [FAILED]: hash mismatch")
+ }
+}
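Review bot: `TestHash` fails with only "hash mismatch", so a change in the canonical encoding gives no hint of the value actually produced. Print both sides, `t.Fatalf("hash mismatch: got %x, want %x", value, hash)`, and write the condition as `if !bytes.Equal(hash[:], value[:]) {`. The single golden value also does not show that the hash reacts to an ACL change or stays stable across repeated generation, which is what the sorted slice is for. A second case that adds one more command for `ship101` and asserts that the stored `Hash` differs from the first would pin that.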