added import and export method of main ACLMap

2024-12-14 12:37:31 +00:00 · 2022-05-11 05:25:46 +02:00 · 2022-05-11 05:25:46 +02:00 · 5c9dbae7f8
commit 5c9dbae7f8
parent 5102b7c3a2
2 changed files with 85 additions and 19 deletions
--- a/doc/concept/auth/main.go
+++ b/doc/concept/auth/main.go
@ -2,6 +2,7 @@ package main

 import (
 	"crypto/sha256"
+	"encoding/json"
 	"fmt"
 	"log"
 	"os"
@ -499,26 +500,37 @@ func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) {

 }

-// printMaps will print the auth maps for testing output.
-func (c *centralAuth) printMaps() {
-	{
-		fmt.Println("\n-----------------PRINTING OUT MAPS------------------------")
+// exportACLs will export the current content of the main ACLMap in JSON format.
+func (a *authSchema) exportACLs() ([]byte, error) {

-		fmt.Println("----schemaMain------")
-		c.authorization.authSchema.schemaMain.mu.Lock()
-		for k, v := range c.authorization.authSchema.schemaMain.ACLMap {
-			fmt.Printf("%v: %+v\n", k, v)
-		}
-		c.authorization.authSchema.schemaMain.mu.Unlock()
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+
+	js, err := json.Marshal(a.schemaMain.ACLMap)
+	if err != nil {
+		return nil, fmt.Errorf("error: failed to marshal schemaMain.ACLMap: %v", err)

-		fmt.Println("----schemaGenerated------")
-		c.authorization.authSchema.schemaGenerated.mu.Lock()
-		for k, v := range c.authorization.authSchema.schemaGenerated.GeneratedACLsMap {
-			fmt.Printf("node: %v, NodeDataSerialized: %v\n", k, string(v.Data))
-			fmt.Printf("node: %v, Hash: %v\n", k, v.Hash)
-		}
-		c.authorization.authSchema.schemaGenerated.mu.Unlock()
 	}
-	fmt.Println("-----------------END OF PRINTING OUT MAPS------------------------")
-	fmt.Println()
+
+	return js, nil
+
+}
+
+// importACLs will import and replace all current ACL's with the ACL's provided as input.
+func (a *authSchema) importACLs(js []byte) error {
+
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+
+	m := make(map[node]map[node]map[command]struct{})
+
+	err := json.Unmarshal(js, &m)
+	if err != nil {
+		return fmt.Errorf("error: failed to unmarshal into ACLMap: %v", err)
+	}
+
+	a.schemaMain.ACLMap = m
+
+	return nil
+
 }
--- a/doc/concept/auth/main_test.go
+++ b/doc/concept/auth/main_test.go
@ -462,3 +462,57 @@ func TestACLConcurrent(t *testing.T) {
 	}
 	wg.Wait()
 }
+
+func TestExportACLs(t *testing.T) {
+	const (
+		grp_nodes_operators      = "grp_nodes_operators"
+		grp_nodes_ships          = "grp_nodes_ships"
+		grp_commands_commandset1 = "grp_commands_commandset1"
+	)
+
+	c := newCentralAuth()
+
+	c.authorization.authSchema.groupNodesAddNode(grp_nodes_operators, "operator1")
+	c.authorization.authSchema.groupNodesAddNode(grp_nodes_operators, "operator2")
+
+	c.authorization.authSchema.groupNodesAddNode(grp_nodes_ships, "ship100")
+	c.authorization.authSchema.groupNodesAddNode(grp_nodes_ships, "ship101")
+
+	c.authorization.authSchema.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
+	c.authorization.authSchema.groupCommandsAddCommand(grp_commands_commandset1, "date")
+
+	c.authorization.authSchema.aclAdd(grp_nodes_ships, "admin", "useradd -m kongen")
+	c.authorization.authSchema.aclAdd("ship101", "admin", "HORSE")
+
+	c.authorization.authSchema.aclAdd(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
+
+	js, err := c.authorization.authSchema.exportACLs()
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+
+	want := `{"grp_nodes_ships":{"admin":{"useradd -m kongen":{}},"grp_nodes_operators":{"grp_commands_commandset1":{}}},"ship101":{"admin":{"HORSE":{}}}}`
+
+	if string(js) != string(want) {
+		t.Fatalf("error: export does not match with what we want\n")
+	}
+}
+
+func TestImportACLs(t *testing.T) {
+	// js := `{"grp_nodes_ships":{"admin":{"useradd -m kongen":{}},"grp_nodes_operators":{"grp_commands_commandset1":{}}},"ship101":{"admin":{"HORSE":{}}}`
+
+	js := []byte{0x7b, 0x22, 0x67, 0x72, 0x70, 0x5f, 0x6e, 0x6f, 0x64, 0x65, 0x73, 0x5f, 0x73, 0x68, 0x69, 0x70, 0x73, 0x22, 0x3a, 0x7b, 0x22, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x22, 0x3a, 0x7b, 0x22, 0x75, 0x73, 0x65, 0x72, 0x61, 0x64, 0x64, 0x20, 0x2d, 0x6d, 0x20, 0x6b, 0x6f, 0x6e, 0x67, 0x65, 0x6e, 0x22, 0x3a, 0x7b, 0x7d, 0x7d, 0x2c, 0x22, 0x67, 0x72, 0x70, 0x5f, 0x6e, 0x6f, 0x64, 0x65, 0x73, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x73, 0x22, 0x3a, 0x7b, 0x22, 0x67, 0x72, 0x70, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x65, 0x74, 0x31, 0x22, 0x3a, 0x7b, 0x7d, 0x7d, 0x7d, 0x2c, 0x22, 0x73, 0x68, 0x69, 0x70, 0x31, 0x30, 0x31, 0x22, 0x3a, 0x7b, 0x22, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x22, 0x3a, 0x7b, 0x22, 0x48, 0x4f, 0x52, 0x53, 0x45, 0x22, 0x3a, 0x7b, 0x7d, 0x7d, 0x7d, 0x7d}
+
+	want := `map[grp_nodes_ships:map[admin:map[useradd -m kongen:{}] grp_nodes_operators:map[grp_commands_commandset1:{}]] ship101:map[admin:map[HORSE:{}]]]`
+
+	c := newCentralAuth()
+
+	err := c.authorization.authSchema.importACLs(js)
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+
+	if fmt.Sprintf("%v", c.authorization.authSchema.schemaMain.ACLMap) != want {
+		t.Fatalf("error: import does not match with what we want\n")
+	}
+}