From 5c9dbae7f8d6a685ab3d0a691f0a44780375d786 Mon Sep 17 00:00:00 2001
From: postmannen
Date: Wed, 11 May 2022 05:25:46 +0200
Subject: [PATCH] added import and export method of main ACLMap
---
 doc/concept/auth/main.go | 50 ++++++++++++++++++++------------
 doc/concept/auth/main_test.go | 54 +++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+), 19 deletions(-)
diff --git a/doc/concept/auth/main.go b/doc/concept/auth/main.go
index 073a180..8cf9cc6 100644
--- a/doc/concept/auth/main.go
+++ b/doc/concept/auth/main.go
@@ -2,6 +2,7 @@ package main
 import (
 "crypto/sha256"
+ "encoding/json"
 "fmt"
 "log"
 "os"
@@ -499,26 +500,37 @@ func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) {
 }
-// printMaps will print the auth maps for testing output.
-func (c *centralAuth) printMaps() {
- {
- fmt.Println("\n-----------------PRINTING OUT MAPS------------------------")
+// exportACLs will export the current content of the main ACLMap in JSON format.
+func (a *authSchema) exportACLs() ([]byte, error) {
- fmt.Println("----schemaMain------")
- c.authorization.authSchema.schemaMain.mu.Lock()
- for k, v := range c.authorization.authSchema.schemaMain.ACLMap {
- fmt.Printf("%v: %+v\n", k, v)
- }
- c.authorization.authSchema.schemaMain.mu.Unlock()
+ a.schemaMain.mu.Lock()
+ defer a.schemaMain.mu.Unlock()
+
+ js, err := json.Marshal(a.schemaMain.ACLMap)
+ if err != nil {
+ return nil, fmt.Errorf("error: failed to marshal schemaMain.ACLMap: %v", err)
- fmt.Println("----schemaGenerated------")
- c.authorization.authSchema.schemaGenerated.mu.Lock()
- for k, v := range c.authorization.authSchema.schemaGenerated.GeneratedACLsMap {
- fmt.Printf("node: %v, NodeDataSerialized: %v\n", k, string(v.Data))
- fmt.Printf("node: %v, Hash: %v\n", k, v.Hash)
- }
- c.authorization.authSchema.schemaGenerated.mu.Unlock()
 }
- fmt.Println("-----------------END OF PRINTING OUT MAPS------------------------")
- fmt.Println()
+
+ return js, nil
+
+}
+
+// importACLs will import and replace all current ACL's with the ACL's provided as input.
+func (a *authSchema) importACLs(js []byte) error {
+
+ a.schemaMain.mu.Lock()
+ defer a.schemaMain.mu.Unlock()
+
+ m := make(map[node]map[node]map[command]struct{})
+
+ err := json.Unmarshal(js, &m)
+ if err != nil {
+ return fmt.Errorf("error: failed to unmarshal into ACLMap: %v", err)
+ }
+
+ a.schemaMain.ACLMap = m
+
+ return nil
+
 }
diff --git a/doc/concept/auth/main_test.go b/doc/concept/auth/main_test.go
index 714cd28..a5385f3 100644
--- a/doc/concept/auth/main_test.go
+++ b/doc/concept/auth/main_test.go
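Review bot: importACLs installs whatever json.Unmarshal produced as the live ACLMap without checking it, so a document that is `null`, or that carries `null` for a node or source entry, leaves nil maps inside the authorization table. Depending on how aclAdd and its siblings index into existing entries (not visible in this hunk), a later write into such an entry may panic. The lock is also taken before decoding, and as far as this hunk shows nothing refreshes schemaGenerated after the swap, so the generated per-node ACLs and hashes may keep reflecting the old policy; confirm that a regeneration step follows an import. The suggested shape decodes and validates first, then takes the lock only for the swap.

```go
func (a *authSchema) importACLs(js []byte) error {
	// Decode and validate before taking the lock, so a bad document never
	// touches the live ACLMap.
	m := make(map[node]map[node]map[command]struct{})
	if err := json.Unmarshal(js, &m); err != nil {
		return fmt.Errorf("error: failed to unmarshal into ACLMap: %v", err)
	}
	// JSON null decodes to a nil map at any level; reject it explicitly.
	if m == nil {
		return fmt.Errorf("error: refusing to import null ACLMap")
	}
	for outer, inner := range m {
		if inner == nil {
			return fmt.Errorf("error: null entry for key %q in ACLMap", outer)
		}
		for k, cmds := range inner {
			if cmds == nil {
				return fmt.Errorf("error: null command set for %q under %q in ACLMap", k, outer)
			}
		}
	}

	a.schemaMain.mu.Lock()
	defer a.schemaMain.mu.Unlock()
	a.schemaMain.ACLMap = m

	return nil
}
```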
@@ -462,3 +462,57 @@ func TestACLConcurrent(t *testing.T) {
 }
 wg.Wait()
 }
+
+func TestExportACLs(t *testing.T) {
+ const (
+ grp_nodes_operators = "grp_nodes_operators"
+ grp_nodes_ships = "grp_nodes_ships"
+ grp_commands_commandset1 = "grp_commands_commandset1"
+ )
+
+ c := newCentralAuth()
+
+ c.authorization.authSchema.groupNodesAddNode(grp_nodes_operators, "operator1")
+ c.authorization.authSchema.groupNodesAddNode(grp_nodes_operators, "operator2")
+
+ c.authorization.authSchema.groupNodesAddNode(grp_nodes_ships, "ship100")
+ c.authorization.authSchema.groupNodesAddNode(grp_nodes_ships, "ship101")
+
+ c.authorization.authSchema.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
+ c.authorization.authSchema.groupCommandsAddCommand(grp_commands_commandset1, "date")
+
+ c.authorization.authSchema.aclAdd(grp_nodes_ships, "admin", "useradd -m kongen")
+ c.authorization.authSchema.aclAdd("ship101", "admin", "HORSE")
+
+ c.authorization.authSchema.aclAdd(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
+
+ js, err := c.authorization.authSchema.exportACLs()
+ if err != nil {
+ t.Fatalf("%v", err)
+ }
+
+ want := `{"grp_nodes_ships":{"admin":{"useradd -m kongen":{}},"grp_nodes_operators":{"grp_commands_commandset1":{}}},"ship101":{"admin":{"HORSE":{}}}}`
+
+ if string(js) != string(want) {
+ t.Fatalf("error: export does not match with what we want\n")
+ }
+}
+
+func TestImportACLs(t *testing.T) {
+ // js := `{"grp_nodes_ships":{"admin":{"useradd -m kongen":{}},"grp_nodes_operators":{"grp_commands_commandset1":{}}},"ship101":{"admin":{"HORSE":{}}}`
+
+ js := []byte{0x7b, 0x22, 0x67, 0x72, 0x70, 0x5f, 0x6e, 0x6f, 0x64, 0x65, 0x73, 0x5f, 0x73, 0x68, 0x69, 0x70, 0x73, 0x22, 0x3a, 0x7b, 0x22, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x22, 0x3a, 0x7b, 0x22, 0x75, 0x73, 0x65, 0x72, 0x61, 0x64, 0x64, 0x20, 0x2d, 0x6d, 0x20, 0x6b, 0x6f, 0x6e, 0x67, 0x65, 0x6e, 0x22, 0x3a, 0x7b, 0x7d, 0x7d, 0x2c, 0x22, 0x67, 0x72, 0x70, 0x5f, 0x6e, 0x6f, 0x64, 0x65, 0x73, 0x5f, 0x6f,
0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x73, 0x22, 0x3a, 0x7b, 0x22, 0x67, 0x72, 0x70, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x65, 0x74, 0x31, 0x22, 0x3a, 0x7b, 0x7d, 0x7d, 0x7d, 0x2c, 0x22, 0x73, 0x68, 0x69, 0x70, 0x31, 0x30, 0x31, 0x22, 0x3a, 0x7b, 0x22, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x22, 0x3a, 0x7b, 0x22, 0x48, 0x4f, 0x52, 0x53, 0x45, 0x22, 0x3a, 0x7b, 0x7d, 0x7d, 0x7d, 0x7d}
+
+ want := `map[grp_nodes_ships:map[admin:map[useradd -m kongen:{}] grp_nodes_operators:map[grp_commands_commandset1:{}]] ship101:map[admin:map[HORSE:{}]]]`
+
+ c := newCentralAuth()
+
+ err := c.authorization.authSchema.importACLs(js)
+ if err != nil {
+ t.Fatalf("%v", err)
+ }
+
+ if fmt.Sprintf("%v", c.authorization.authSchema.schemaMain.ACLMap) != want {
+ t.Fatalf("error: import does not match with what we want\n")
+ }
+}
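Review bot: TestImportACLs covers only a well-formed document, and its input is a hex byte literal whose commented-out string form is missing the final `}`, so the comment is not the JSON actually under test. Building the fixture from the JSON text with `[]byte(...)` would keep it readable, and a second case that feeds malformed input and asserts both a non-nil error and an unchanged ACLMap would pin the failure path of an operation that replaces the whole authorization table. Both tests also drop the compared values on failure; `t.Fatalf("export mismatch:\n got: %s\nwant: %s", js, want)` makes a mismatch diagnosable, and `string(want)` in TestExportACLs is a no-op conversion because want is already a string.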