diff --git a/central_auth.go b/central_auth.go
index a8f15f1..76571c0 100644
--- a/central_auth.go
+++ b/central_auth.go
@@ -14,7 +14,7 @@ import (
 // centralAuth holds the logic related to handling public keys and auth maps.
 type centralAuth struct {
 // acl and authorization level related data and methods.
- authorization *authorization
+ accessLists *accessLists
 // public key distribution related data and methods.
 pki *pki
 }
@@ -22,8 +22,8 @@ type centralAuth struct {
 // newCentralAuth will return a new and prepared *centralAuth
 func newCentralAuth(configuration *Configuration, errorKernel *errorKernel) *centralAuth {
 c := centralAuth{
- authorization: newAuthorization(),
- pki: newPKI(configuration, errorKernel),
+ accessLists: newAccessLists(),
+ pki: newPKI(configuration, errorKernel),
 }
 return &c
diff --git a/central_auth_acl_handling.go b/central_auth_acl_handling.go
index 35042d9..2e71e25 100644
--- a/central_auth_acl_handling.go
+++ b/central_auth_acl_handling.go
@@ -30,21 +30,7 @@ import (
 // --------------------------------------
-type authorization struct {
- authSchema *authSchema
-}
-
-func newAuthorization() *authorization {
- a := authorization{
- authSchema: newAuthSchema(),
- }
-
- return &a
-}
-
-// authSchema holds both the main schema to update by operators,
-// and also the indvidual node generated data based on the main schema.
-type authSchema struct {
+type accessLists struct {
 // Holds the editable structures for ACL handling.
 schemaMain *schemaMain
 // Holds the generated based on the editable structures for ACL handling.
@@ -52,8 +38,8 @@ type authSchema struct {
 validator *validator.Validate
 }
-func newAuthSchema() *authSchema {
- a := authSchema{
+func newAccessLists() *accessLists {
+ a := accessLists{
 schemaMain: newSchemaMain(),
 schemaGenerated: newSchemaGenerated(),
 validator: validator.New(),
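Review bot: The new `accessLists` type at the top of central_auth_acl_handling.go is left without a doc comment, whereas the `authSchema` it replaces documented that it holds both the operator-editable main schema and the per-node data generated from it. That comment is the one place a reader learns what the two halves of this ACL state are and which half `exportACLs`/`importACLs` operate on, so it should move to the new name rather than be dropped, e.g. `// accessLists holds both the main ACL schema that operators edit (schemaMain)` / `// and the per-node ACL data generated from it (schemaGenerated).` The struct body continues past the hunk, and `newAccessLists` in the following hunk would also benefit from a one-line comment of the same form.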
@@ -118,7 +104,7 @@ type HostACLsSerializedWithHash struct {
 // the slice.
 // If the argument is not a group kind of value, then only a slice with that single
 // value is returned.
-func (a *authSchema) nodeAsSlice(n node) []node {
+func (a *accessLists) nodeAsSlice(n node) []node {
 nodes := []node{}
 // Check if we are given a nodeGroup variable, and if we are, get all the
@@ -140,7 +126,7 @@ func (a *authSchema) nodeAsSlice(n node) []node {
 // the slice.
 // If the argument is not a group kind of value, then only a slice with that single
 // value is returned.
-func (a *authSchema) commandAsSlice(c command) []command {
+func (a *accessLists) commandAsSlice(c command) []command {
 commands := []command{}
 // Check if we are given a nodeGroup variable, and if we are, get all the
@@ -162,7 +148,7 @@ func (a *authSchema) commandAsSlice(c command) []command {
 // If the node or the fromNode do not exist they will be created.
 // The json encoded schema for a node and the hash of those data
 // will also be generated.
-func (a *authSchema) aclAdd(host node, source node, cmd command) {
+func (a *accessLists) aclAdd(host node, source node, cmd command) {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
@@ -191,7 +177,7 @@ func (a *authSchema) aclAdd(host node, source node, cmd command) {
 }
 // aclDeleteCommand will delete the specified command from the fromnode.
-func (a *authSchema) aclDeleteCommand(host node, source node, cmd command) error {
+func (a *accessLists) aclDeleteCommand(host node, source node, cmd command) error {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
@@ -220,7 +206,7 @@ func (a *authSchema) aclDeleteCommand(host node, source node, cmd command) error
 }
 // aclDeleteSource will delete specified source node and all commands specified for it.
-func (a *authSchema) aclDeleteSource(host node, source node) error {
+func (a *accessLists) aclDeleteSource(host node, source node) error {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
@@ -251,7 +237,7 @@ func (a *authSchema) aclDeleteSource(host node, source node) error {
 // and run a small state machine on each element to create the final ACL result to be used at host
 // nodes.
 // The result will be written to the schemaGenerated.ACLsToConvert map.
-func (a *authSchema) generateACLsForAllNodes() error {
+func (a *accessLists) generateACLsForAllNodes() error {
 a.schemaGenerated.mu.Lock()
 defer a.schemaGenerated.mu.Unlock()
@@ -335,7 +321,7 @@ type sourceNodeCommands struct {
 // defined for each sourceNode are sorted.
 // This function is used when creating the hash of the nodeMap since we can not
 // guarantee the order of a hash map, but we can with a slice.
-func (a *authSchema) nodeMapToSlice(host node) sourceNode {
+func (a *accessLists) nodeMapToSlice(host node) sourceNode {
 srcNodes := sourceNode{
 HostNode: host,
 }
@@ -369,7 +355,7 @@ func (a *authSchema) nodeMapToSlice(host node) sourceNode {
 // groupNodesAddNode adds a node to a group. If the group does
 // not exist it will be created.
-func (a *authSchema) groupNodesAddNode(ng nodeGroup, n node) {
+func (a *accessLists) groupNodesAddNode(ng nodeGroup, n node) {
 err := a.validator.Var(ng, "startswith=grp_nodes_")
 if err != nil {
 log.Printf("error: group name do not start with grp_nodes_: %v\n", err)
@@ -395,7 +381,7 @@ func (a *authSchema) groupNodesAddNode(ng nodeGroup, n node) {
 }
 // groupNodesDeleteNode deletes a node from a group in the map.
-func (a *authSchema) groupNodesDeleteNode(ng nodeGroup, n node) {
+func (a *accessLists) groupNodesDeleteNode(ng nodeGroup, n node) {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
 if _, ok := a.schemaMain.NodeGroupMap[ng][n]; !ok {
@@ -416,7 +402,7 @@ func (a *authSchema) groupNodesDeleteNode(ng nodeGroup, n node) {
 }
 // groupNodesDeleteGroup deletes a nodeGroup from map.
-func (a *authSchema) groupNodesDeleteGroup(ng nodeGroup) {
+func (a *accessLists) groupNodesDeleteGroup(ng nodeGroup) {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
 if _, ok := a.schemaMain.NodeGroupMap[ng]; !ok {
@@ -440,7 +426,7 @@ func (a *authSchema) groupNodesDeleteGroup(ng nodeGroup) {
 // groupCommandsAddCommand adds a command to a group. If the group does
 // not exist it will be created.
-func (a *authSchema) groupCommandsAddCommand(cg commandGroup, c command) {
+func (a *accessLists) groupCommandsAddCommand(cg commandGroup, c command) {
 err := a.validator.Var(cg, "startswith=grp_commands_")
 if err != nil {
 log.Printf("error: group name do not start with grp_commands_ : %v\n", err)
@@ -466,7 +452,7 @@ func (a *authSchema) groupCommandsAddCommand(cg commandGroup, c command) {
 }
 // groupCommandsDeleteCommand deletes a command from a group in the map.
-func (a *authSchema) groupCommandsDeleteCommand(cg commandGroup, c command) {
+func (a *accessLists) groupCommandsDeleteCommand(cg commandGroup, c command) {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
 if _, ok := a.schemaMain.CommandGroupMap[cg][c]; !ok {
@@ -487,7 +473,7 @@ func (a *authSchema) groupCommandsDeleteCommand(cg commandGroup, c command) {
 }
 // groupCommandDeleteGroup deletes a commandGroup map.
-func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) {
+func (a *accessLists) groupCommandDeleteGroup(cg commandGroup) {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
 if _, ok := a.schemaMain.CommandGroupMap[cg]; !ok {
@@ -508,7 +494,7 @@ func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) {
 }
 // exportACLs will export the current content of the main ACLMap in JSON format.
-func (a *authSchema) exportACLs() ([]byte, error) {
+func (a *accessLists) exportACLs() ([]byte, error) {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
@@ -524,7 +510,7 @@ func (a *authSchema) exportACLs() ([]byte, error) {
 }
 // importACLs will import and replace all current ACL's with the ACL's provided as input.
-func (a *authSchema) importACLs(js []byte) error {
+func (a *accessLists) importACLs(js []byte) error {
 a.schemaMain.mu.Lock()
 defer a.schemaMain.mu.Unlock()
diff --git a/central_auth_parser.go b/central_auth_parser.go
index 68250cb..3432f7b 100644
--- a/central_auth_parser.go
+++ b/central_auth_parser.go
@@ -6,15 +6,15 @@ import (
 type authParser struct {
 currentHost node
- authSchema *authSchema
+ authSchema *accessLists
 //ACLsToConvert map[node]map[node]map[command]struct{}
 }
 // newAuthParser returns a new authParser, with the current host node set.
-func newAuthParser(n node, authSchema *authSchema) *authParser {
+func newAuthParser(n node, accessLists *accessLists) *authParser {
 a := authParser{
 currentHost: n,
- authSchema: authSchema,
+ authSchema: accessLists,
 //ACLsToConvert: make(map[node]map[node]map[command]struct{}),
 }
 return &a
diff --git a/central_auth_test.go b/central_auth_test.go
index a222582..7a454cd 100644
--- a/central_auth_test.go
+++ b/central_auth_test.go
@@ -16,7 +16,7 @@ func TestACLSingleNode(t *testing.T) {
 log.SetOutput(io.Discard)
 }
- a := newAuthSchema()
+ a := newAccessLists()
 a.aclAdd("ship101", "admin", "HORSE")
 a.aclAdd("ship101", "admin", "PIG")
@@ -42,7 +42,7 @@ func TestACLWithGroups(t *testing.T) {
 log.SetOutput(io.Discard)
 }
- a := newAuthSchema()
+ a := newAccessLists()
 const (
 grp_nodes_operators = "grp_nodes_operators"
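Review bot: The rename stops halfway in `authParser` in central_auth_parser.go: the field keeps its old name while only its type changes, `authSchema *accessLists`, and the new constructor parameter `accessLists *accessLists` shadows the type name inside `newAuthParser`, so the type cannot be referred to in that body. Either complete the rename so the field, the parameter and the literal agree — `accessLists *accessLists` in the struct, a parameter name distinct from the type such as `al *accessLists`, and `accessLists: al,` in the literal — or keep the parameter named `authSchema` as before so the name matches the field it initializes. Every `a.authSchema` use elsewhere in the file would follow a field rename; those lines are outside this hunk.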
@@ -101,7 +101,7 @@ func TestACLNodesGroupDeleteNode(t *testing.T) {
 log.SetOutput(io.Discard)
 }
- a := newAuthSchema()
+ a := newAccessLists()
 const (
 grp_nodes_operators = "grp_nodes_operators"
@@ -158,7 +158,7 @@ func TestGroupNodesDeleteGroup(t *testing.T) {
 log.SetOutput(io.Discard)
 }
- a := newAuthSchema()
+ a := newAccessLists()
 const (
 grp_nodes_operators = "grp_nodes_operators"
@@ -215,7 +215,7 @@ func TestGroupCommandDeleteGroup(t *testing.T) {
 log.SetOutput(io.Discard)
 }
- a := newAuthSchema()
+ a := newAccessLists()
 const (
 grp_nodes_operators = "grp_nodes_operators"
@@ -272,7 +272,7 @@ func TestACLGenerated(t *testing.T) {
 log.SetOutput(io.Discard)
 }
- a := newAuthSchema()
+ a := newAccessLists()
 a.aclAdd("ship101", "admin", "HORSE")
@@ -321,7 +321,7 @@ func TestACLSchemaMainACLMap(t *testing.T) {
 log.SetOutput(io.Discard)
 }
- a := newAuthSchema()
+ a := newAccessLists()
 //a.aclNodeFromnodeCommandAdd("ship101", "admin", "PIG")
 // fmt.Printf("---------------ADDING COMMAND-------------\n")
@@ -400,7 +400,7 @@ func TestACLHash(t *testing.T) {
 log.SetOutput(io.Discard)
 }
- a := newAuthSchema()
+ a := newAccessLists()
 a.aclAdd("ship101", "admin", "HORSE")
@@ -417,7 +417,7 @@ func TestACLHash(t *testing.T) {
 }
 func TestACLConcurrent(t *testing.T) {
- a := newAuthSchema()
+ a := newAccessLists()
 // -----------General testing and creation of some data----------------
@@ -466,7 +466,7 @@ func TestExportACLs(t *testing.T) {
 grp_commands_commandset1 = "grp_commands_commandset1"
 )
- a := newAuthSchema()
+ a := newAccessLists()
 a.groupNodesAddNode(grp_nodes_operators, "operator1")
 a.groupNodesAddNode(grp_nodes_operators, "operator2")
@@ -501,7 +501,7 @@ func TestImportACLs(t *testing.T) {
 want := `map[grp_nodes_ships:map[admin:map[useradd -m kongen:{}] grp_nodes_operators:map[grp_commands_commandset1:{}]] ship101:map[admin:map[HORSE:{}]]]`
- a := newAuthSchema()
+ a := newAccessLists()
 err := a.importACLs(js)
 if err != nil {