added acl generations for working with groups

2024-12-14 12:37:31 +00:00 · 2022-05-10 08:57:10 +02:00 · 2022-05-10 08:57:10 +02:00 · ea735406bd
commit ea735406bd
parent 718b7fb7d6
2 changed files with 40 additions and 14 deletions
--- a/doc/concept/auth/main.go
+++ b/doc/concept/auth/main.go
@ -378,6 +378,12 @@ func (a *authSchema) groupNodesAddNode(ng nodeGroup, n node) {

 	// fmt.Printf(" * groupNodesAddNode: After adding to group node looks like: %+v\n", a.schemaMain.NodeGroupMap)

+	err = a.generateACLsForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: groupNodesAddNode: %v", err)
+		log.Printf("%v\n", er)
+	}
+
 }

 // groupNodesDeleteNode deletes a node from a group in the map.
@ -393,6 +399,12 @@ func (a *authSchema) groupNodesDeleteNode(ng nodeGroup, n node) {

 	//fmt.Printf(" * After deleting nodeGroup map looks like: %+v\n", a.schemaMain.NodeGroupMap)

+	err := a.generateACLsForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: groupNodesDeleteNode: %v", err)
+		log.Printf("%v\n", er)
+	}
+
 }

 // groupNodesDeleteGroup deletes a nodeGroup from map.
@ -408,6 +420,12 @@ func (a *authSchema) groupNodesDeleteGroup(ng nodeGroup) {

 	//fmt.Printf(" * After deleting nodeGroup map looks like: %+v\n", a.schemaMain.NodeGroupMap)

+	err := a.generateACLsForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: groupNodesDeleteGroup: %v", err)
+		log.Printf("%v\n", er)
+	}
+
 }

 // -----
@ -431,6 +449,12 @@ func (a *authSchema) groupCommandsAddCommand(cg commandGroup, c command) {

 	//fmt.Printf(" * groupCommandsAddCommand: After adding command=%v to command group=%v map looks like: %+v\n", c, cg, a.schemaMain.CommandGroupMap)

+	err = a.generateACLsForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: groupCommandsAddCommand: %v", err)
+		log.Printf("%v\n", er)
+	}
+
 }

 // groupCommandsDeleteCommand deletes a command from a group in the map.
@ -446,6 +470,12 @@ func (a *authSchema) groupCommandsDeleteCommand(cg commandGroup, c command) {

 	//fmt.Printf(" * After deleting command=%v from group=%v map looks like: %+v\n", c, cg, a.schemaMain.CommandGroupMap)

+	err := a.generateACLsForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: groupCommandsDeleteCommand: %v", err)
+		log.Printf("%v\n", er)
+	}
+
 }

 // groupCommandDeleteGroup deletes a commandGroup map.
@ -461,6 +491,12 @@ func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) {

 	//fmt.Printf(" * After deleting commandGroup=%v map looks like: %+v\n", cg, a.schemaMain.CommandGroupMap)

+	err := a.generateACLsForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: groupCommandDeleteGroup: %v", err)
+		log.Printf("%v\n", er)
+	}
+
 }

 // printMaps will print the auth maps for testing output.
--- a/doc/concept/auth/main_test.go
+++ b/doc/concept/auth/main_test.go
@ -68,18 +68,6 @@ func TestACLWithGroups(t *testing.T) {

 	c.authorization.authSchema.aclAdd(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)

-	// --- Tests ---
-
-	//if _, ok := c.authorization.authSchema.schemaMain.ACLMap[grp_nodes_ships][grp_nodes_operators][grp_cmds_commandset1]; !ok {
-	//	t.Fatal(" \U0001F631  [FAILED]: missing map entry")
-	//}
-
-	// Also check the generated data for the nodes.
-
-	// if _, ok := c.authorization.authSchema.schemaMain.ACLMap[grp_nodes_ships]["admin"]["useradd -m kongen"]; !ok {
-	// 	t.Fatal(" \U0001F631  [FAILED]: missing map entry")
-	// }
-
 	mapOfFromNodeCommands := make(map[node]map[command]struct{})
 	err := cbor.Unmarshal(c.authorization.authSchema.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 	if err != nil {
@ -128,6 +116,8 @@ func TestACLGenerated(t *testing.T) {
 	c.authorization.authSchema.groupCommandsAddCommand("grp_commands_test", "dmesg")
 	c.authorization.authSchema.aclAdd("grp_nodes_ships", "admin", "grp_commands_test")

+	c.authorization.authSchema.groupCommandsDeleteCommand("grp_commands_test", "echo")
+
 	// --- TESTS ---

 	mapOfFromNodeCommands := make(map[node]map[command]struct{})
@ -148,8 +138,8 @@ func TestACLGenerated(t *testing.T) {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: HEN: Content of Map: %v", mapOfFromNodeCommands)
 	}

-	if _, ok := mapOfFromNodeCommands["admin"]["echo"]; !ok {
-		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: echo: Content of Map: %v", mapOfFromNodeCommands)
+	if _, ok := mapOfFromNodeCommands["admin"]["echo"]; ok {
+		t.Fatalf(" \U0001F631  [FAILED]: should not contain map entry: echo: Content of Map: %v", mapOfFromNodeCommands)
 	}

 	if _, ok := mapOfFromNodeCommands["admin"]["dmesg"]; !ok {