mirrors/ctrl
1
0
Fork 0
mirror of https://github.com/postmannen/ctrl.git synced 2025-03-15 10:57:42 +00:00
Code Activity

renamed authSchema type to accessLists

Browse source
This commit is contained in:
postmannen 2022-05-18 09:21:14 +02:00
parent 7554d3f378
commit 57bedfe6c6
4 changed files with 35 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
central_auth.go
View file

@ -14,7 +14,7 @@ import (
// centralAuth holds the logic related to handling public keys and auth maps. // centralAuth holds the logic related to handling public keys and auth maps.
type centralAuth struct { type centralAuth struct {
// acl and authorization level related data and methods. // acl and authorization level related data and methods.
authorization *authorization accessLists *accessLists
// public key distribution related data and methods. // public key distribution related data and methods.
pki *pki pki *pki
} }
@ -22,8 +22,8 @@ type centralAuth struct {
// newCentralAuth will return a new and prepared *centralAuth // newCentralAuth will return a new and prepared *centralAuth
func newCentralAuth(configuration *Configuration, errorKernel *errorKernel) *centralAuth { func newCentralAuth(configuration *Configuration, errorKernel *errorKernel) *centralAuth {
c := centralAuth{ c := centralAuth{
authorization: newAuthorization(), accessLists: newAccessLists(),
pki: newPKI(configuration, errorKernel), pki: newPKI(configuration, errorKernel),
} }
return &c return &c

50
central_auth_acl_handling.go
View file

@ -30,21 +30,7 @@ import (
// -------------------------------------- // --------------------------------------
type authorization struct { type accessLists struct {
authSchema *authSchema
}
func newAuthorization() *authorization {
a := authorization{
authSchema: newAuthSchema(),
}
return &a
}
// authSchema holds both the main schema to update by operators,
// and also the indvidual node generated data based on the main schema.
type authSchema struct {
// Holds the editable structures for ACL handling. // Holds the editable structures for ACL handling.
schemaMain *schemaMain schemaMain *schemaMain
// Holds the generated based on the editable structures for ACL handling. // Holds the generated based on the editable structures for ACL handling.
@ -52,8 +38,8 @@ type authSchema struct {
validator *validator.Validate validator *validator.Validate
} }
func newAuthSchema() *authSchema { func newAccessLists() *accessLists {
a := authSchema{ a := accessLists{
schemaMain: newSchemaMain(), schemaMain: newSchemaMain(),
schemaGenerated: newSchemaGenerated(), schemaGenerated: newSchemaGenerated(),
validator: validator.New(), validator: validator.New(),
@ -118,7 +104,7 @@ type HostACLsSerializedWithHash struct {
// the slice. // the slice.
// If the argument is not a group kind of value, then only a slice with that single // If the argument is not a group kind of value, then only a slice with that single
// value is returned. // value is returned.
func (a *authSchema) nodeAsSlice(n node) []node { func (a *accessLists) nodeAsSlice(n node) []node {
nodes := []node{} nodes := []node{}
// Check if we are given a nodeGroup variable, and if we are, get all the // Check if we are given a nodeGroup variable, and if we are, get all the
@ -140,7 +126,7 @@ func (a *authSchema) nodeAsSlice(n node) []node {
// the slice. // the slice.
// If the argument is not a group kind of value, then only a slice with that single // If the argument is not a group kind of value, then only a slice with that single
// value is returned. // value is returned.
func (a *authSchema) commandAsSlice(c command) []command { func (a *accessLists) commandAsSlice(c command) []command {
commands := []command{} commands := []command{}
// Check if we are given a nodeGroup variable, and if we are, get all the // Check if we are given a nodeGroup variable, and if we are, get all the
@ -162,7 +148,7 @@ func (a *authSchema) commandAsSlice(c command) []command {
// If the node or the fromNode do not exist they will be created. // If the node or the fromNode do not exist they will be created.
// The json encoded schema for a node and the hash of those data // The json encoded schema for a node and the hash of those data
// will also be generated. // will also be generated.
func (a *authSchema) aclAdd(host node, source node, cmd command) { func (a *accessLists) aclAdd(host node, source node, cmd command) {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()
@ -191,7 +177,7 @@ func (a *authSchema) aclAdd(host node, source node, cmd command) {
} }
// aclDeleteCommand will delete the specified command from the fromnode. // aclDeleteCommand will delete the specified command from the fromnode.
func (a *authSchema) aclDeleteCommand(host node, source node, cmd command) error { func (a *accessLists) aclDeleteCommand(host node, source node, cmd command) error {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()
@ -220,7 +206,7 @@ func (a *authSchema) aclDeleteCommand(host node, source node, cmd command) error
} }
// aclDeleteSource will delete specified source node and all commands specified for it. // aclDeleteSource will delete specified source node and all commands specified for it.
func (a *authSchema) aclDeleteSource(host node, source node) error { func (a *accessLists) aclDeleteSource(host node, source node) error {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()
@ -251,7 +237,7 @@ func (a *authSchema) aclDeleteSource(host node, source node) error {
// and run a small state machine on each element to create the final ACL result to be used at host // and run a small state machine on each element to create the final ACL result to be used at host
// nodes. // nodes.
// The result will be written to the schemaGenerated.ACLsToConvert map. // The result will be written to the schemaGenerated.ACLsToConvert map.
func (a *authSchema) generateACLsForAllNodes() error { func (a *accessLists) generateACLsForAllNodes() error {
a.schemaGenerated.mu.Lock() a.schemaGenerated.mu.Lock()
defer a.schemaGenerated.mu.Unlock() defer a.schemaGenerated.mu.Unlock()
@ -335,7 +321,7 @@ type sourceNodeCommands struct {
// defined for each sourceNode are sorted. // defined for each sourceNode are sorted.
// This function is used when creating the hash of the nodeMap since we can not // This function is used when creating the hash of the nodeMap since we can not
// guarantee the order of a hash map, but we can with a slice. // guarantee the order of a hash map, but we can with a slice.
func (a *authSchema) nodeMapToSlice(host node) sourceNode { func (a *accessLists) nodeMapToSlice(host node) sourceNode {
srcNodes := sourceNode{ srcNodes := sourceNode{
HostNode: host, HostNode: host,
} }
@ -369,7 +355,7 @@ func (a *authSchema) nodeMapToSlice(host node) sourceNode {
// groupNodesAddNode adds a node to a group. If the group does // groupNodesAddNode adds a node to a group. If the group does
// not exist it will be created. // not exist it will be created.
func (a *authSchema) groupNodesAddNode(ng nodeGroup, n node) { func (a *accessLists) groupNodesAddNode(ng nodeGroup, n node) {
err := a.validator.Var(ng, "startswith=grp_nodes_") err := a.validator.Var(ng, "startswith=grp_nodes_")
if err != nil { if err != nil {
log.Printf("error: group name do not start with grp_nodes_: %v\n", err) log.Printf("error: group name do not start with grp_nodes_: %v\n", err)
@ -395,7 +381,7 @@ func (a *authSchema) groupNodesAddNode(ng nodeGroup, n node) {
} }
// groupNodesDeleteNode deletes a node from a group in the map. // groupNodesDeleteNode deletes a node from a group in the map.
func (a *authSchema) groupNodesDeleteNode(ng nodeGroup, n node) { func (a *accessLists) groupNodesDeleteNode(ng nodeGroup, n node) {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()
if _, ok := a.schemaMain.NodeGroupMap[ng][n]; !ok { if _, ok := a.schemaMain.NodeGroupMap[ng][n]; !ok {
@ -416,7 +402,7 @@ func (a *authSchema) groupNodesDeleteNode(ng nodeGroup, n node) {
} }
// groupNodesDeleteGroup deletes a nodeGroup from map. // groupNodesDeleteGroup deletes a nodeGroup from map.
func (a *authSchema) groupNodesDeleteGroup(ng nodeGroup) { func (a *accessLists) groupNodesDeleteGroup(ng nodeGroup) {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()
if _, ok := a.schemaMain.NodeGroupMap[ng]; !ok { if _, ok := a.schemaMain.NodeGroupMap[ng]; !ok {
@ -440,7 +426,7 @@ func (a *authSchema) groupNodesDeleteGroup(ng nodeGroup) {
// groupCommandsAddCommand adds a command to a group. If the group does // groupCommandsAddCommand adds a command to a group. If the group does
// not exist it will be created. // not exist it will be created.
func (a *authSchema) groupCommandsAddCommand(cg commandGroup, c command) { func (a *accessLists) groupCommandsAddCommand(cg commandGroup, c command) {
err := a.validator.Var(cg, "startswith=grp_commands_") err := a.validator.Var(cg, "startswith=grp_commands_")
if err != nil { if err != nil {
log.Printf("error: group name do not start with grp_commands_ : %v\n", err) log.Printf("error: group name do not start with grp_commands_ : %v\n", err)
@ -466,7 +452,7 @@ func (a *authSchema) groupCommandsAddCommand(cg commandGroup, c command) {
} }
// groupCommandsDeleteCommand deletes a command from a group in the map. // groupCommandsDeleteCommand deletes a command from a group in the map.
func (a *authSchema) groupCommandsDeleteCommand(cg commandGroup, c command) { func (a *accessLists) groupCommandsDeleteCommand(cg commandGroup, c command) {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()
if _, ok := a.schemaMain.CommandGroupMap[cg][c]; !ok { if _, ok := a.schemaMain.CommandGroupMap[cg][c]; !ok {
@ -487,7 +473,7 @@ func (a *authSchema) groupCommandsDeleteCommand(cg commandGroup, c command) {
} }
// groupCommandDeleteGroup deletes a commandGroup map. // groupCommandDeleteGroup deletes a commandGroup map.
func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) { func (a *accessLists) groupCommandDeleteGroup(cg commandGroup) {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()
if _, ok := a.schemaMain.CommandGroupMap[cg]; !ok { if _, ok := a.schemaMain.CommandGroupMap[cg]; !ok {
@ -508,7 +494,7 @@ func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) {
} }
// exportACLs will export the current content of the main ACLMap in JSON format. // exportACLs will export the current content of the main ACLMap in JSON format.
func (a *authSchema) exportACLs() ([]byte, error) { func (a *accessLists) exportACLs() ([]byte, error) {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()
@ -524,7 +510,7 @@ func (a *authSchema) exportACLs() ([]byte, error) {
} }
// importACLs will import and replace all current ACL's with the ACL's provided as input. // importACLs will import and replace all current ACL's with the ACL's provided as input.
func (a *authSchema) importACLs(js []byte) error { func (a *accessLists) importACLs(js []byte) error {
a.schemaMain.mu.Lock() a.schemaMain.mu.Lock()
defer a.schemaMain.mu.Unlock() defer a.schemaMain.mu.Unlock()

6
central_auth_parser.go
View file

@ -6,15 +6,15 @@ import (
type authParser struct { type authParser struct {
currentHost node currentHost node
authSchema *authSchema authSchema *accessLists
//ACLsToConvert map[node]map[node]map[command]struct{} //ACLsToConvert map[node]map[node]map[command]struct{}
} }
// newAuthParser returns a new authParser, with the current host node set. // newAuthParser returns a new authParser, with the current host node set.
func newAuthParser(n node, authSchema *authSchema) *authParser { func newAuthParser(n node, accessLists *accessLists) *authParser {
a := authParser{ a := authParser{
currentHost: n, currentHost: n,
authSchema: authSchema, authSchema: accessLists,
//ACLsToConvert: make(map[node]map[node]map[command]struct{}), //ACLsToConvert: make(map[node]map[node]map[command]struct{}),
} }
return &a return &a

22
central_auth_test.go
View file

@ -16,7 +16,7 @@ func TestACLSingleNode(t *testing.T) {
log.SetOutput(io.Discard) log.SetOutput(io.Discard)
} }
a := newAuthSchema() a := newAccessLists()
a.aclAdd("ship101", "admin", "HORSE") a.aclAdd("ship101", "admin", "HORSE")
a.aclAdd("ship101", "admin", "PIG") a.aclAdd("ship101", "admin", "PIG")
@ -42,7 +42,7 @@ func TestACLWithGroups(t *testing.T) {
log.SetOutput(io.Discard) log.SetOutput(io.Discard)
} }
a := newAuthSchema() a := newAccessLists()
const ( const (
grp_nodes_operators = "grp_nodes_operators" grp_nodes_operators = "grp_nodes_operators"
@ -101,7 +101,7 @@ func TestACLNodesGroupDeleteNode(t *testing.T) {
log.SetOutput(io.Discard) log.SetOutput(io.Discard)
} }
a := newAuthSchema() a := newAccessLists()
const ( const (
grp_nodes_operators = "grp_nodes_operators" grp_nodes_operators = "grp_nodes_operators"
@ -158,7 +158,7 @@ func TestGroupNodesDeleteGroup(t *testing.T) {
log.SetOutput(io.Discard) log.SetOutput(io.Discard)
} }
a := newAuthSchema() a := newAccessLists()
const ( const (
grp_nodes_operators = "grp_nodes_operators" grp_nodes_operators = "grp_nodes_operators"
@ -215,7 +215,7 @@ func TestGroupCommandDeleteGroup(t *testing.T) {
log.SetOutput(io.Discard) log.SetOutput(io.Discard)
} }
a := newAuthSchema() a := newAccessLists()
const ( const (
grp_nodes_operators = "grp_nodes_operators" grp_nodes_operators = "grp_nodes_operators"
@ -272,7 +272,7 @@ func TestACLGenerated(t *testing.T) {
log.SetOutput(io.Discard) log.SetOutput(io.Discard)
} }
a := newAuthSchema() a := newAccessLists()
a.aclAdd("ship101", "admin", "HORSE") a.aclAdd("ship101", "admin", "HORSE")
@ -321,7 +321,7 @@ func TestACLSchemaMainACLMap(t *testing.T) {
log.SetOutput(io.Discard) log.SetOutput(io.Discard)
} }
a := newAuthSchema() a := newAccessLists()
//a.aclNodeFromnodeCommandAdd("ship101", "admin", "PIG") //a.aclNodeFromnodeCommandAdd("ship101", "admin", "PIG")
// fmt.Printf("---------------ADDING COMMAND-------------\n") // fmt.Printf("---------------ADDING COMMAND-------------\n")
@ -400,7 +400,7 @@ func TestACLHash(t *testing.T) {
log.SetOutput(io.Discard) log.SetOutput(io.Discard)
} }
a := newAuthSchema() a := newAccessLists()
a.aclAdd("ship101", "admin", "HORSE") a.aclAdd("ship101", "admin", "HORSE")
@ -417,7 +417,7 @@ func TestACLHash(t *testing.T) {
} }
func TestACLConcurrent(t *testing.T) { func TestACLConcurrent(t *testing.T) {
a := newAuthSchema() a := newAccessLists()
// -----------General testing and creation of some data---------------- // -----------General testing and creation of some data----------------
@ -466,7 +466,7 @@ func TestExportACLs(t *testing.T) {
grp_commands_commandset1 = "grp_commands_commandset1" grp_commands_commandset1 = "grp_commands_commandset1"
) )
a := newAuthSchema() a := newAccessLists()
a.groupNodesAddNode(grp_nodes_operators, "operator1") a.groupNodesAddNode(grp_nodes_operators, "operator1")
a.groupNodesAddNode(grp_nodes_operators, "operator2") a.groupNodesAddNode(grp_nodes_operators, "operator2")
@ -501,7 +501,7 @@ func TestImportACLs(t *testing.T) {
want := `map[grp_nodes_ships:map[admin:map[useradd -m kongen:{}] grp_nodes_operators:map[grp_commands_commandset1:{}]] ship101:map[admin:map[HORSE:{}]]]` want := `map[grp_nodes_ships:map[admin:map[useradd -m kongen:{}] grp_nodes_operators:map[grp_commands_commandset1:{}]] ship101:map[admin:map[HORSE:{}]]]`
a := newAuthSchema() a := newAccessLists()
err := a.importACLs(js) err := a.importACLs(js)
if err != nil { if err != nil {