diff --git a/doc/concept/auth/main.go b/doc/concept/auth/main.go
index 71a8474..87197e5 100644
--- a/doc/concept/auth/main.go
+++ b/doc/concept/auth/main.go
@@ -378,6 +378,12 @@ func (a *authSchema) groupNodesAddNode(ng nodeGroup, n node) {
 // fmt.Printf(" * groupNodesAddNode: After adding to group node looks like: %+v\n", a.schemaMain.NodeGroupMap)
+ err = a.generateACLsForAllNodes()
+ if err != nil {
+ er := fmt.Errorf("error: groupNodesAddNode: %v", err)
+ log.Printf("%v\n", er)
+ }
+
 }
 // groupNodesDeleteNode deletes a node from a group in the map.
@@ -393,6 +399,12 @@ func (a *authSchema) groupNodesDeleteNode(ng nodeGroup, n node) {
 //fmt.Printf(" * After deleting nodeGroup map looks like: %+v\n", a.schemaMain.NodeGroupMap)
+ err := a.generateACLsForAllNodes()
+ if err != nil {
+ er := fmt.Errorf("error: groupNodesDeleteNode: %v", err)
+ log.Printf("%v\n", er)
+ }
+
 }
 // groupNodesDeleteGroup deletes a nodeGroup from map.
@@ -408,6 +420,12 @@ func (a *authSchema) groupNodesDeleteGroup(ng nodeGroup) {
 //fmt.Printf(" * After deleting nodeGroup map looks like: %+v\n", a.schemaMain.NodeGroupMap)
+ err := a.generateACLsForAllNodes()
+ if err != nil {
+ er := fmt.Errorf("error: groupNodesDeleteGroup: %v", err)
+ log.Printf("%v\n", er)
+ }
+
 }
 // -----
@@ -431,6 +449,12 @@ func (a *authSchema) groupCommandsAddCommand(cg commandGroup, c command) {
 //fmt.Printf(" * groupCommandsAddCommand: After adding command=%v to command group=%v map looks like: %+v\n", c, cg, a.schemaMain.CommandGroupMap)
+ err = a.generateACLsForAllNodes()
+ if err != nil {
+ er := fmt.Errorf("error: groupCommandsAddCommand: %v", err)
+ log.Printf("%v\n", er)
+ }
+
 }
 // groupCommandsDeleteCommand deletes a command from a group in the map.
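Review bot: A failure of `generateACLsForAllNodes()` is only logged in groupNodesAddNode, so the group map has already changed while the generated ACLs may still reflect the old membership, and the caller has no way to notice. The same block is added to groupNodesDeleteNode, groupNodesDeleteGroup, groupCommandsAddCommand, groupCommandsDeleteCommand and groupCommandDeleteGroup; on the delete paths this presumably means a node or command that was just removed from a group can stay authorized in the generated ACLs until a later regeneration succeeds. Consider giving these methods an `error` return and ending the failure branch with `return fmt.Errorf("groupNodesAddNode: regenerate ACLs: %w", err)`, so callers can retry or alert instead of continuing with stale authorization data. The method bodies start outside these hunks, so whether the map update and the regeneration happen under one lock cannot be checked from here.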
@@ -446,6 +470,12 @@ func (a *authSchema) groupCommandsDeleteCommand(cg commandGroup, c command) {
 //fmt.Printf(" * After deleting command=%v from group=%v map looks like: %+v\n", c, cg, a.schemaMain.CommandGroupMap)
+ err := a.generateACLsForAllNodes()
+ if err != nil {
+ er := fmt.Errorf("error: groupCommandsDeleteCommand: %v", err)
+ log.Printf("%v\n", er)
+ }
+
 }
 // groupCommandDeleteGroup deletes a commandGroup map.
@@ -461,6 +491,12 @@ func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) {
 //fmt.Printf(" * After deleting commandGroup=%v map looks like: %+v\n", cg, a.schemaMain.CommandGroupMap)
+ err := a.generateACLsForAllNodes()
+ if err != nil {
+ er := fmt.Errorf("error: groupCommandDeleteGroup: %v", err)
+ log.Printf("%v\n", er)
+ }
+
 }
 // printMaps will print the auth maps for testing output.
diff --git a/doc/concept/auth/main_test.go b/doc/concept/auth/main_test.go
index 11556b9..49b00b4 100644
--- a/doc/concept/auth/main_test.go
+++ b/doc/concept/auth/main_test.go
@@ -68,18 +68,6 @@ func TestACLWithGroups(t *testing.T) {
 c.authorization.authSchema.aclAdd(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
- // --- Tests ---
-
- //if _, ok := c.authorization.authSchema.schemaMain.ACLMap[grp_nodes_ships][grp_nodes_operators][grp_cmds_commandset1]; !ok {
- // t.Fatal(" \U0001F631 [FAILED]: missing map entry")
- //}
-
- // Also check the generated data for the nodes.
-
- // if _, ok := c.authorization.authSchema.schemaMain.ACLMap[grp_nodes_ships]["admin"]["useradd -m kongen"]; !ok {
- // t.Fatal(" \U0001F631 [FAILED]: missing map entry")
- // }
-
 mapOfFromNodeCommands := make(map[node]map[command]struct{})
 err := cbor.Unmarshal(c.authorization.authSchema.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 if err != nil {
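Review bot: In groupCommandsDeleteCommand the error is wrapped with `fmt.Errorf` only to be printed on the next line, and the same five lines are pasted into six methods with nothing but the method name changed. A single `log.Printf("error: groupCommandsDeleteCommand: %v\n", err)` produces the same output. A small unexported helper on authSchema that takes the caller name and runs the regeneration would keep the six call sites from drifting apart when the error handling is later tightened. The method body starts outside the hunk.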
@@ -128,6 +116,8 @@ func TestACLGenerated(t *testing.T) {
 c.authorization.authSchema.groupCommandsAddCommand("grp_commands_test", "dmesg")
 c.authorization.authSchema.aclAdd("grp_nodes_ships", "admin", "grp_commands_test")
+ c.authorization.authSchema.groupCommandsDeleteCommand("grp_commands_test", "echo")
+
 // --- TESTS ---
 mapOfFromNodeCommands := make(map[node]map[command]struct{})
@@ -148,8 +138,8 @@ func TestACLGenerated(t *testing.T) {
 t.Fatalf(" \U0001F631 [FAILED]: missing map entry: HEN: Content of Map: %v", mapOfFromNodeCommands)
 }
- if _, ok := mapOfFromNodeCommands["admin"]["echo"]; !ok {
- t.Fatalf(" \U0001F631 [FAILED]: missing map entry: echo: Content of Map: %v", mapOfFromNodeCommands)
+ if _, ok := mapOfFromNodeCommands["admin"]["echo"]; ok {
+ t.Fatalf(" \U0001F631 [FAILED]: should not contain map entry: echo: Content of Map: %v", mapOfFromNodeCommands)
 }
 if _, ok := mapOfFromNodeCommands["admin"]["dmesg"]; !ok {
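Review bot: The flipped check in the `@@ -148,8 +138,8 @@` hunk passes whenever "echo" is absent from the generated map, including the case where it was never generated at all, so on its own it does not show that groupCommandsDeleteCommand triggered a regeneration. The test would pin the revocation if it decoded the generated data once before the delete call added in the `@@ -128,6 +116,8 @@` hunk and asserted `mapOfFromNodeCommands["admin"]["echo"]` is present, then decoded again after the call and asserted it is gone. As far as the visible hunks show, the node-side removal paths (groupNodesDeleteNode, groupNodesDeleteGroup) get no equivalent check in this commit. TestACLGenerated starts and ends outside both hunks.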