auth concept testing

central_auth.go

@@ -11,9 +11,6 @@ import (
 	bolt "go.etcd.io/bbolt"
 )
 
-type signatureBase32 string
-type argsString string
-
 // centralAuth holds the logic related to handling public keys and auth maps.
 type centralAuth struct {
 	// schema           map[Node]map[argsString]signatureBase32
@@ -130,31 +127,31 @@ func (c *centralAuth) addPublicKey(proc process, msg Message) {
 	//c.dbDump(c.bucketPublicKeys)
 }
 
-// dbGetPublicKey will look up and return a specific value if it exists for a key in a bucket in a DB.
-func (c *centralAuth) dbGetPublicKey(node string) ([]byte, error) {
-	var value []byte
-	// View is a help function to get values out of the database.
-	err := c.db.View(func(tx *bolt.Tx) error {
-		//Open a bucket to get key's and values from.
-		bu := tx.Bucket([]byte(c.bucketNamePublicKeys))
-		if bu == nil {
-			log.Printf("info: no db bucket exist: %v\n", c.bucketNamePublicKeys)
-			return nil
-		}
-
-		v := bu.Get([]byte(node))
-		if len(v) == 0 {
-			log.Printf("info: view: key not found\n")
-			return nil
-		}
-
-		value = v
-
-		return nil
-	})
-
-	return value, err
-}
+// // dbGetPublicKey will look up and return a specific value if it exists for a key in a bucket in a DB.
+// func (c *centralAuth) dbGetPublicKey(node string) ([]byte, error) {
+// 	var value []byte
+// 	// View is a help function to get values out of the database.
+// 	err := c.db.View(func(tx *bolt.Tx) error {
+// 		//Open a bucket to get key's and values from.
+// 		bu := tx.Bucket([]byte(c.bucketNamePublicKeys))
+// 		if bu == nil {
+// 			log.Printf("info: no db bucket exist: %v\n", c.bucketNamePublicKeys)
+// 			return nil
+// 		}
+//
+// 		v := bu.Get([]byte(node))
+// 		if len(v) == 0 {
+// 			log.Printf("info: view: key not found\n")
+// 			return nil
+// 		}
+//
+// 		value = v
+//
+// 		return nil
+// 	})
+//
+// 	return value, err
+// }
 
 //dbUpdatePublicKey will update the public key for a node in the db.
 func (c *centralAuth) dbUpdatePublicKey(node string, value []byte) error {
@@ -177,22 +174,22 @@ func (c *centralAuth) dbUpdatePublicKey(node string, value []byte) error {
 	return err
 }
 
-// deleteKeyFromBucket will delete the specified key from the specified
-// bucket if it exists.
-func (c *centralAuth) dbDeletePublicKey(key string) error {
-	err := c.db.Update(func(tx *bolt.Tx) error {
-		bu := tx.Bucket([]byte(c.bucketNamePublicKeys))
-
-		err := bu.Delete([]byte(key))
-		if err != nil {
-			log.Printf("error: delete key in bucket %v failed: %v\n", c.bucketNamePublicKeys, err)
-		}
-
-		return nil
-	})
-
-	return err
-}
+// // deleteKeyFromBucket will delete the specified key from the specified
+// // bucket if it exists.
+// func (c *centralAuth) dbDeletePublicKey(key string) error {
+// 	err := c.db.Update(func(tx *bolt.Tx) error {
+// 		bu := tx.Bucket([]byte(c.bucketNamePublicKeys))
+//
+// 		err := bu.Delete([]byte(key))
+// 		if err != nil {
+// 			log.Printf("error: delete key in bucket %v failed: %v\n", c.bucketNamePublicKeys, err)
+// 		}
+//
+// 		return nil
+// 	})
+//
+// 	return err
+// }
 
 // dumpBucket will dump out all they keys and values in the
 // specified bucket, and return a sorted []samDBValue

doc/concept/auth/REQPublicKeysGet 2.drawio

@@ -0,0 +1 @@
+<mxfile host="Electron" modified="2022-04-07T03:56:08.840Z" agent="5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="-LK1csLiiPyU1Qw41Pjy" version="16.5.1" type="device"><diagram name="Page-1" id="edf60f1a-56cd-e834-aa8a-f176f3a09ee4">5Vjfc9soEP5rNHP34I5+26+Jk7SdXO/Spp0mj1hCElMkXIRjK3/9LQJZQih1k8ZNr/figV12ge9bdtdygmW5e83RunjHUkwd3013TnDm+P4icuFXCholiD1fCXJOUiXyesE1ucdaqO3yDUlxbSwUjFFB1qYwYVWFE2HIEOdsay7LGDV3XaMcW4LrBFFb+pmkotBSz3V7xRtM8kKMLrxCyZecs02l96tYhZWmRJ0bvbQuUMq2A1Fw7gRLzphQo3K3xFSi2iGm7C4e0O6PzHElvsfg682pn324fH9/e7P41NCw8P7KZl6g3NwhutFY6NOKpgOnvR6WXlwnON0WRODrNUqkdgvRALJClBRmHgxTVBftWjnJWCU02b601XthLvDuwVt4e2wg2jArseANLNl1kRUpEx1pHbrbnjZ/oWXFgLFwroVIh0q+d91jBgMN22Mg9P9jEO6j+iUgdOf1RXJB08XZ23/ug0v05iRezuLDCOIqPZEPHWYJRXVNEhM0E+EHIPFdnBqJwMZoAEI0gUEn45giQe7M9DGFi97hihE4yZ6CyDMpiIMRtDXb8ARrq+GjHjnywwOOBOI5Fpajlqb9tZ/O3Pz/xpwFePxE5qwQGDt6Puam05bF3NVmRQmkHi4J4CzBNZzkxPFjChCerkAc53L04fx9uzS5xM1rLOwFtoTjNW3eYVGwtHXpDn1cbSZ8SDTcGkPBT+VNKoE5HPUbidU7nFifI3eOWPOCieQZT4Tf0cqPXX3+hu7MAgquLEw0asHZF7xklHGQtI0LlBtC6UiEKMkr+XixJAEEEkACvdOJVpQkTeU2k/Cbr/sI1cx3Q4ORyCZkio9xnnw2PuyGagk34ROx+9tSMg/cX4qS0KLkerOqE05WPyvXfWQXhAKxOpW/ZAaL/VEGCycy2HyCnnF9ejZ6IoseC/UfainGEY53RNzolXJ8K9e9ivTsbKfN2knTTeAJNzfDycBKTnuzdtbZTfYuk/2N6hsOF2zVFhyK9pdqj8JRffTdJ7ZHYTwK0+jntkf2X5J6mDN+l/5lKjdPJuejvf6pfxAKzHqNKgOt+OtGfiw5TVQ1lLmV56s/JNKOD7u7g9Gfjq5mrnz+swyVhDbKBhyhct0qgyCUEGN6h2X9tDSmk7pNItIFQL4b6dQppbJivJRUD9VbDaXUh+qcrZJiAZExg6smpMon7WWbMNMVX6p10TfUBIKo0u6HR2uV0HxUdQZOO/fyE5VesGU8NXcfmvdft2YjzP0o2mM9GvfIp6ReU6RRJxUlg40zypAYHqgjd6ryDl4YxJiKi678HqU09OXgdlAoDpQG71il4WDKj7/55uEoXmi98iMWgXk0/kb3xCIQLMxsFXxnEYAIQM1g2VouqB9x4IXxKRUGyuPIunPPsqzGj6xCMO0//arl/Zf14Pxf</diagram></mxfile>

doc/concept/auth/auth.md

@@ -28,6 +28,10 @@ The system will need processes for allowing CRUD of the auth database , and also
 
 The signatures should be created and sent as a part of the message from a node, and should not be be populated from CentralAuth to the end nodes up front.
 
+## Sync between multiple centrals
+
+.....
+
 ### Authorize an CentralAuth Server to avoid having rogue Auth Servers
 
 This can be done at the subject level on the broker since we are using NKEY's to identify the nodes.

doc/concept/auth/auth_parser.go

@@ -0,0 +1,113 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+)
+
+type authParser struct {
+	currentHost node
+	authSchema  *authSchema
+	//ACLsToConvert map[node]map[node]map[command]struct{}
+}
+
+// newAuthParser returns a new authParser, with the current host node set.
+func newAuthParser(n node, authSchema *authSchema) *authParser {
+	a := authParser{
+		currentHost: n,
+		authSchema:  authSchema,
+		//ACLsToConvert: make(map[node]map[node]map[command]struct{}),
+	}
+	return &a
+}
+
+type parseFn func() parseFn
+
+// parse will parse one host or one host group.
+func (a *authParser) parse() {
+	fn := a.hostGroupOrSingle()
+	for {
+		fn = fn()
+		if fn == nil {
+			break
+		}
+	}
+
+}
+
+// hostGroupOrSingle checks if host grp or single node.
+func (a *authParser) hostGroupOrSingle() parseFn {
+	switch {
+	case strings.HasPrefix(string(a.currentHost), "grp_nodes_"):
+		// Is group
+		return a.hostIsGroup
+	default:
+		// Is single node
+		return a.hostIsNotGroup
+	}
+}
+
+// hostIsGroup
+func (a *authParser) hostIsGroup() parseFn {
+	fmt.Printf("%v is a grp type\n", a.currentHost)
+
+	hosts := a.authSchema.convToActualNodeSlice(a.currentHost)
+
+	for source, cmdMap := range a.authSchema.schemaMain.ACLMap[a.currentHost] {
+
+		for cmd, emptyStruct := range cmdMap {
+
+			// Expand eventual groups, so we use real fromNode nodenames in ACL for nodes.
+			sourceNodes := a.authSchema.convToActualNodeSlice(source)
+			for _, sourceNode := range sourceNodes {
+				for _, host := range hosts {
+					if a.authSchema.schemaGenerated.ACLsToConvert[host] == nil {
+						a.authSchema.schemaGenerated.ACLsToConvert[host] = make(map[node]map[command]struct{})
+					}
+					if a.authSchema.schemaGenerated.ACLsToConvert[host][sourceNode] == nil {
+						a.authSchema.schemaGenerated.ACLsToConvert[host][sourceNode] = make(map[command]struct{})
+					}
+
+					a.authSchema.schemaGenerated.ACLsToConvert[host][sourceNode][cmd] = emptyStruct
+				}
+			}
+		}
+	}
+
+	fmt.Printf(" * ACLsToConvert=%+v\n", a.authSchema.schemaGenerated.ACLsToConvert)
+	// Done with host. Return nil will make the main loop take the next host in the main for loop.
+	return nil
+}
+
+// hostIsNotGroup
+func (a *authParser) hostIsNotGroup() parseFn {
+	fmt.Printf("%v is a single node type\n", a.currentHost)
+
+	host := a.currentHost
+
+	for source, cmdMap := range a.authSchema.schemaMain.ACLMap[a.currentHost] {
+
+		for cmd, emptyStruct := range cmdMap {
+
+			// Expand eventual groups, so we use real fromNode nodenames in ACL for nodes.
+			sourceNodes := a.authSchema.convToActualNodeSlice(source)
+			for _, sourceNode := range sourceNodes {
+
+				if a.authSchema.schemaGenerated.ACLsToConvert[host] == nil {
+					a.authSchema.schemaGenerated.ACLsToConvert[host] = make(map[node]map[command]struct{})
+				}
+				if a.authSchema.schemaGenerated.ACLsToConvert[host][sourceNode] == nil {
+					a.authSchema.schemaGenerated.ACLsToConvert[host][sourceNode] = make(map[command]struct{})
+				}
+
+				a.authSchema.schemaGenerated.ACLsToConvert[host][sourceNode][cmd] = emptyStruct
+
+			}
+		}
+	}
+
+	fmt.Printf(" * ACLsToConvert contains: %+v\n", a.authSchema.schemaGenerated.ACLsToConvert)
+
+	// Done with host. Return nil will make the main loop take the next host in the main for loop.
+	return nil
+}

doc/concept/auth/main.go

@@ -0,0 +1,575 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"sort"
+	"strings"
+	"sync"
+
+	"github.com/go-playground/validator/v10"
+)
+
+// centralAuth
+type centralAuth struct {
+	authorization *authorization
+}
+
+// newCentralAuth
+func newCentralAuth() *centralAuth {
+	c := centralAuth{
+		authorization: newAuthorization(),
+	}
+
+	return &c
+}
+
+// --------------------------------------
+
+type authorization struct {
+	authSchema *authSchema
+}
+
+func newAuthorization() *authorization {
+	a := authorization{
+		authSchema: newAuthSchema(),
+	}
+
+	return &a
+}
+
+// authSchema holds both the main schema to update by operators,
+// and also the indvidual node generated data based on the main schema.
+type authSchema struct {
+	//         node      fromNode   commands
+	schemaMain      *schemaMain
+	schemaGenerated *schemaGenerated
+	validator       *validator.Validate
+}
+
+type node string
+type command string
+type nodeGroup string
+type commandGroup string
+
+type schemaMain struct {
+	ACLMap          map[node]map[node]map[command]struct{}
+	NodeGroupMap    map[nodeGroup]map[node]struct{}
+	CommandGroupMap map[commandGroup]map[command]struct{}
+	mu              sync.Mutex
+}
+
+func newSchemaMain() *schemaMain {
+	s := schemaMain{
+		ACLMap:          make(map[node]map[node]map[command]struct{}),
+		NodeGroupMap:    make(map[nodeGroup]map[node]struct{}),
+		CommandGroupMap: make(map[commandGroup]map[command]struct{}),
+	}
+	return &s
+}
+
+type schemaGenerated struct {
+	ACLsToConvert map[node]map[node]map[command]struct{}
+	NodeMap       map[node]NodeDataWithHash
+	mu            sync.Mutex
+}
+
+func newSchemaGenerated() *schemaGenerated {
+	s := schemaGenerated{
+		ACLsToConvert: map[node]map[node]map[command]struct{}{},
+		NodeMap:       make(map[node]NodeDataWithHash),
+	}
+	return &s
+}
+
+func newAuthSchema() *authSchema {
+	a := authSchema{
+		schemaMain:      newSchemaMain(),
+		schemaGenerated: newSchemaGenerated(),
+		validator:       validator.New(),
+	}
+
+	return &a
+}
+
+// NodeDataWithHash is the serialized representation node specific value in the authSchema.
+// There is also a sha256 hash of the data.
+type NodeDataWithHash struct {
+	// data is all the auth data for a specific node encoded in json.
+	Data []byte
+	// hash is the sha256 hash of the data.
+	Hash [32]byte
+}
+
+func (a *authSchema) convToActualNodeSlice(n node) []node {
+	nodes := []node{}
+
+	// Check if we are given a nodeGroup variable, and if we are, get all the
+	// nodes for that group.
+	if strings.HasPrefix(string(n), "grp_nodes_") {
+		for nd := range a.schemaMain.NodeGroupMap[nodeGroup(n)] {
+			nodes = append(nodes, nd)
+		}
+	} else {
+		// No group found meaning a single node was given as an argument.
+		nodes = []node{n}
+	}
+
+	return nodes
+}
+
+// convertCommandToCommandSlice will convert the given argument into a slice representation.
+// If the argument is a group, then all the members of that group will be expanded into
+// the slice.
+// If the argument is not a group kind of value, then only a slice with that single
+// value is returned.
+func (a *authSchema) convertCommandToCommandSlice(c command) []command {
+	commands := []command{}
+
+	// Check if we are given a nodeGroup variable, and if we are, get all the
+	// nodes for that group.
+	if strings.HasPrefix(string(c), "grp_cmds_") {
+		for cmd := range a.schemaMain.CommandGroupMap[commandGroup(c)] {
+			commands = append(commands, cmd)
+		}
+	} else {
+		// No group found meaning a single node was given as an argument, so we
+		// just put the single node given as the only value in the slice.
+		commands = []command{c}
+	}
+
+	return commands
+}
+
+// aclNodeFromnodeCommandAdd will add a command for a fromNode.
+// If the node or the fromNode do not exist they will be created.
+// The json encoded schema for a node and the hash of those data
+// will also be generated.
+//
+// TODO: Rename to aclAdd
+func (a *authSchema) aclCommandAdd(n node, fn node, cmd command) {
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+
+	// Check if node exists in map.
+	if _, ok := a.schemaMain.ACLMap[n]; !ok {
+		// log.Printf("info: did not find node=%v in map, creating map[fromnode]map[command]struct{}\n", n)
+		a.schemaMain.ACLMap[n] = make(map[node]map[command]struct{})
+	}
+
+	// Check if also fromnode exists in map
+	if _, ok := a.schemaMain.ACLMap[n][fn]; !ok {
+		// log.Printf("info: did not find node=%v in map, creating map[fromnode]map[command]struct{}\n", fn)
+		a.schemaMain.ACLMap[n][fn] = make(map[command]struct{})
+	}
+
+	a.schemaMain.ACLMap[n][fn][cmd] = struct{}{}
+	// err := a.generateJSONForHostOrGroup(n)
+	err := a.generateJSONForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: addCommandForFromNode: %v", err)
+		log.Printf("%v\n", er)
+	}
+
+	// fmt.Printf(" * DEBUG: aclNodeFromnodeCommandAdd: a.schemaMain.ACLMap=%v\n", a.schemaMain.ACLMap)
+
+}
+
+// aclNodeFromNodeCommandDelete will delete the specified command from the fromnode.
+func (a *authSchema) aclCommandDelete(host node, source node, cmd command) error {
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+
+	// Check if node exists in map.
+	if _, ok := a.schemaMain.ACLMap[host]; !ok {
+		return fmt.Errorf("authSchema: no such node=%v to delete on in schema exists", host)
+	}
+
+	if _, ok := a.schemaMain.ACLMap[host][source]; !ok {
+		return fmt.Errorf("authSchema: no such fromnode=%v to delete on in schema for node=%v exists", source, host)
+	}
+
+	if _, ok := a.schemaMain.ACLMap[host][source][cmd]; !ok {
+		return fmt.Errorf("authSchema: no such command=%v from fromnode=%v to delete on in schema for node=%v exists", cmd, source, host)
+	}
+
+	delete(a.schemaMain.ACLMap[host][source], cmd)
+
+	err := a.generateJSONForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: aclNodeFromNodeCommandDelete: %v", err)
+		log.Printf("%v\n", er)
+	}
+
+	return nil
+}
+
+// aclNodeFromnodeDelete will delete specified fromnode and all commands specified for it.
+func (a *authSchema) aclSourceDelete(host node, source node) error {
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+
+	// Check if node exists in map.
+	if _, ok := a.schemaMain.ACLMap[host]; !ok {
+		return fmt.Errorf("authSchema: no such node=%v to delete on in schema exists", host)
+	}
+
+	if _, ok := a.schemaMain.ACLMap[host][source]; !ok {
+		return fmt.Errorf("authSchema: no such fromnode=%v to delete on in schema for node=%v exists", source, host)
+	}
+
+	delete(a.schemaMain.ACLMap[host], source)
+
+	err := a.generateJSONForAllNodes()
+	if err != nil {
+		er := fmt.Errorf("error: aclNodeFromnodeDelete: %v", err)
+		log.Printf("%v\n", er)
+	}
+
+	return nil
+}
+
+// generateJSONForAllNodes will generate a json encoded representation of the node specific
+// map values of authSchema, along with a hash of the data.
+//
+// Will range over all the host elements defined in the ACL, create a new authParser for each one,
+// and run a small state machine on each element to create the final ACL result to be used at host
+// nodes.
+// The result will be written to the schemaGenerated.ACLsToConvert map.
+func (a *authSchema) generateJSONForAllNodes() error {
+	a.schemaGenerated.ACLsToConvert = make(map[node]map[node]map[command]struct{})
+
+	for n := range a.schemaMain.ACLMap {
+		//a.schemaGenerated.ACLsToConvert = make(map[node]map[node]map[command]struct{})
+		ap := newAuthParser(n, a)
+		ap.parse()
+	}
+
+	return nil
+}
+
+type fromNodes struct {
+	Node      node
+	FromNodes []fromNodeCommands
+}
+
+type fromNodeCommands struct {
+	FromNode node
+	Commands []command
+}
+
+// nodeMapToSlice will return a fromNode structure, with the map fromNode part
+// of the map converted into a slice. Both the from node, and the commands
+// defined for each fromNode are sorted.
+// This function is used when creating the hash of the nodeMap since we can not
+// guarantee the order of a hash map, but we can with a slice.
+func (a *authSchema) nodeMapToSlice(n node) fromNodes {
+	fns := fromNodes{
+		Node: n,
+	}
+
+	for fn, commandMap := range a.schemaMain.ACLMap[n] {
+		fnc := fromNodeCommands{
+			FromNode: fn,
+		}
+
+		for cmd := range commandMap {
+			fnc.Commands = append(fnc.Commands, cmd)
+		}
+
+		// sort.Strings(fnc.Commands)
+		sort.SliceStable(fnc.Commands, func(i, j int) bool {
+			return fnc.Commands[i] < fnc.Commands[j]
+		})
+
+		fns.FromNodes = append(fns.FromNodes, fnc)
+	}
+
+	sort.SliceStable(fns.FromNodes, func(i, j int) bool {
+		return fns.FromNodes[i].FromNode < fns.FromNodes[j].FromNode
+	})
+
+	// fmt.Printf(" * nodeMapToSlice: fromNodes: %#v\n", fns)
+
+	return fns
+}
+
+// groupNodesAddNode adds a node to a group. If the group does
+// not exist it will be created.
+func (a *authSchema) groupNodesAddNode(ng nodeGroup, n node) {
+	err := a.validator.Var(ng, "startswith=grp_nodes_")
+	if err != nil {
+		log.Printf("error: group name do not start with grp_nodes_: %v\n", err)
+		return
+	}
+
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+	if _, ok := a.schemaMain.NodeGroupMap[ng]; !ok {
+		a.schemaMain.NodeGroupMap[ng] = make(map[node]struct{})
+	}
+
+	a.schemaMain.NodeGroupMap[ng][n] = struct{}{}
+
+	// fmt.Printf(" * groupNodesAddNode: After adding to group node looks like: %+v\n", a.schemaMain.NodeGroupMap)
+
+}
+
+// groupNodesDeleteNode deletes a node from a group in the map.
+func (a *authSchema) groupNodesDeleteNode(ng nodeGroup, n node) {
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+	if _, ok := a.schemaMain.NodeGroupMap[ng][n]; !ok {
+		log.Printf("info: no such node with name=%v found in group=%v\n", ng, n)
+		return
+	}
+
+	delete(a.schemaMain.NodeGroupMap[ng], n)
+
+	//fmt.Printf(" * After deleting nodeGroup map looks like: %+v\n", a.schemaMain.NodeGroupMap)
+
+}
+
+// groupNodesDeleteGroup deletes a nodeGroup from map.
+func (a *authSchema) groupNodesDeleteGroup(ng nodeGroup) {
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+	if _, ok := a.schemaMain.NodeGroupMap[ng]; !ok {
+		log.Printf("info: no such group found: %v\n", ng)
+		return
+	}
+
+	delete(a.schemaMain.NodeGroupMap, ng)
+
+	//fmt.Printf(" * After deleting nodeGroup map looks like: %+v\n", a.schemaMain.NodeGroupMap)
+
+}
+
+// -----
+
+// groupCommandsAddCommand adds a command to a group. If the group does
+// not exist it will be created.
+func (a *authSchema) groupCommandsAddCommand(cg commandGroup, c command) {
+	err := a.validator.Var(cg, "startswith=grp_cmds_")
+	if err != nil {
+		log.Printf("error: group name do not start with grp_cmds_ : %v\n", err)
+		return
+	}
+
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+	if _, ok := a.schemaMain.CommandGroupMap[cg]; !ok {
+		a.schemaMain.CommandGroupMap[cg] = make(map[command]struct{})
+	}
+
+	a.schemaMain.CommandGroupMap[cg][c] = struct{}{}
+
+	//fmt.Printf(" * groupCommandsAddCommand: After adding command=%v to command group=%v map looks like: %+v\n", c, cg, a.schemaMain.CommandGroupMap)
+
+}
+
+// groupCommandsDeleteCommand deletes a command from a group in the map.
+func (a *authSchema) groupCommandsDeleteCommand(cg commandGroup, c command) {
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+	if _, ok := a.schemaMain.CommandGroupMap[cg][c]; !ok {
+		log.Printf("info: no such command with name=%v found in group=%v\n", c, cg)
+		return
+	}
+
+	delete(a.schemaMain.CommandGroupMap[cg], c)
+
+	//fmt.Printf(" * After deleting command=%v from group=%v map looks like: %+v\n", c, cg, a.schemaMain.CommandGroupMap)
+
+}
+
+// groupCommandDeleteGroup deletes a commandGroup map.
+func (a *authSchema) groupCommandDeleteGroup(cg commandGroup) {
+	a.schemaMain.mu.Lock()
+	defer a.schemaMain.mu.Unlock()
+	if _, ok := a.schemaMain.CommandGroupMap[cg]; !ok {
+		log.Printf("info: no such group found: %v\n", cg)
+		return
+	}
+
+	delete(a.schemaMain.CommandGroupMap, cg)
+
+	//fmt.Printf(" * After deleting commandGroup=%v map looks like: %+v\n", cg, a.schemaMain.CommandGroupMap)
+
+}
+
+// printMaps will print the auth maps for testing output.
+func (c *centralAuth) printMaps() {
+	{
+		fmt.Println("\n-----------------PRINTING OUT MAPS------------------------")
+
+		fmt.Println("----schemaMain------")
+		c.authorization.authSchema.schemaMain.mu.Lock()
+		for k, v := range c.authorization.authSchema.schemaMain.ACLMap {
+			fmt.Printf("%v: %+v\n", k, v)
+		}
+		c.authorization.authSchema.schemaMain.mu.Unlock()
+
+		fmt.Println("----schemaGenerated------")
+		c.authorization.authSchema.schemaGenerated.mu.Lock()
+		for k, v := range c.authorization.authSchema.schemaGenerated.NodeMap {
+			fmt.Printf("node: %v, NodeDataSerialized: %v\n", k, string(v.Data))
+			fmt.Printf("node: %v, Hash: %v\n", k, v.Hash)
+		}
+		c.authorization.authSchema.schemaGenerated.mu.Unlock()
+	}
+	fmt.Println("-----------------END OF PRINTING OUT MAPS------------------------")
+	fmt.Println()
+}
+
+func main() {
+	// c := newCentralAuth()
+
+	// -----------General testing and creation of some data----------------
+
+	// // Start concurrent updating of the schema.
+	// var wg sync.WaitGroup
+	// for i := 0; i < 1; i++ {
+	// 	wg.Add(1)
+	// 	go func() {
+	// 		defer wg.Done()
+	// 		c.authorization.authSchema.aclNodeFromnodeCommandAdd("ship1", "operator2", "rm -rf")
+	// 		c.authorization.authSchema.aclNodeFromnodeCommandAdd("ship1", "operator1", "ls -lt")
+	// 		c.authorization.authSchema.aclNodeFromnodeCommandAdd("ship1", "operator1", "ls -lt")
+	// 		c.authorization.authSchema.aclNodeFromnodeCommandAdd("ship1", "operator2", "ls -l")
+	// 		c.authorization.authSchema.aclNodeFromnodeCommandAdd("ship3", "operator3", "ls -lt")
+	// 		c.authorization.authSchema.aclNodeFromnodeCommandAdd("ship3", "operator3", "vi /etc/hostname")
+	// 		c.authorization.authSchema.aclNodeFromNodeCommandDelete("ship3", "operator2", "ls -lt")
+	// 		c.authorization.authSchema.aclNodeFromnodeDelete("ship3", "operator3")
+	// 	}()
+	//
+	// 	wg.Add(1)
+	// 	go func() {
+	// 		defer wg.Done()
+	// 		fmt.Println("----schemaMain------")
+	// 		c.authorization.authSchema.schemaMain.mu.Lock()
+	// 		for _, v := range c.authorization.authSchema.schemaMain.NodeMap {
+	// 			fmt.Printf("%+v\n", v)
+	// 		}
+	// 		c.authorization.authSchema.schemaMain.mu.Unlock()
+	//
+	// 		fmt.Println("----schemaGenerated------")
+	// 		c.authorization.authSchema.schemaGenerated.mu.Lock()
+	// 		for k, v := range c.authorization.authSchema.schemaGenerated.NodeMap {
+	// 			fmt.Printf("node: %v, NodeDataSerialized: %v\n", k, string(v.Data))
+	// 			fmt.Printf("node: %v, Hash: %v\n", k, v.Hash)
+	// 		}
+	// 		c.authorization.authSchema.schemaGenerated.mu.Unlock()
+	// 	}()
+	// }
+	// wg.Wait()
+	// c.printMaps()
+
+	// // --------- Testing as needed for request types--------------
+	// fmt.Println("--------- Testing as needed for request types--------------")
+	//
+	// // Get the hash for a node schema
+	// {
+	// 	c.authorization.authSchema.schemaGenerated.mu.Lock()
+	// 	h := c.authorization.authSchema.schemaGenerated.NodeMap["ship1"].Hash
+	// 	c.authorization.authSchema.schemaGenerated.mu.Unlock()
+	//
+	// 	fmt.Printf("testing: hash for ship1 = %v\n", h)
+	// }
+
+	// // Generate json to send to node in message with nodeMap and hash
+	// {
+	// 	var tmpData map[string]map[string]struct{}
+	// 	nodeName := node("ship1")
+	// 	err := json.Unmarshal(c.authorization.authSchema.schemaGenerated.NodeMap[nodeName].Data, &tmpData)
+	// 	if err != nil {
+	// 		log.Printf("error: failed to unmarshal schemaGenerated.NodeMap: %v\n", err)
+	// 		os.Exit(1)
+	// 	}
+	//
+	// 	fmt.Printf("\n * Data for %v: %#v\n", nodeName, tmpData)
+	//
+	// }
+
+	// // Test node group.
+	// {
+	// 	fmt.Println("\n--------------Group testing----------------")
+	// 	fmt.Println(" * ADDING NODES TO GROUPS")
+	// 	c.authorization.authSchema.groupNodesAddNode("grp_nodes_GROUP_A", "ship1")
+	// 	c.authorization.authSchema.groupNodesAddNode("grp_nodes_GROUP_A", "ship2")
+	// 	c.authorization.authSchema.groupNodesAddNode("grp_nodes_GROUP_A", "ship3")
+	// 	c.authorization.authSchema.groupNodesAddNode("grp_nodes_GROUP_B", "ship2")
+	// 	c.authorization.authSchema.groupNodesAddNode("grp_nodes_GROUP_C", "ship3")
+	//
+	// 	fmt.Println("\n * Deleting  NODES FROM GROUPS")
+	// 	c.authorization.authSchema.groupNodesDeleteNode("grp_nodes_GROUP_A", "ship2")
+	//
+	// 	fmt.Println("\n * Deleting  NODE GROUPS")
+	// 	c.authorization.authSchema.groupNodesDeleteGroup("grp_nodes_GROUP_B")
+	//
+	// 	// -----
+	//
+	// 	fmt.Println("\n * ADDING COMMANDS TO COMMAND GROUPS")
+	// 	c.authorization.authSchema.groupCommandsAddCommand("grp_cmds_C_GROUP_A", "echo apekatt")
+	// 	c.authorization.authSchema.groupCommandsAddCommand("grp_cmds_C_GROUP_A", "ls -lt")
+	// 	c.authorization.authSchema.groupCommandsAddCommand("grp_cmds_C_GROUP_A", "rm -rf")
+	// 	c.authorization.authSchema.groupCommandsAddCommand("grp_cmds_C_GROUP_B", "df -ah")
+	// 	c.authorization.authSchema.groupCommandsAddCommand("grp_cmds_C_GROUP_C", "cat /etc/hosts")
+	//
+	// 	fmt.Println("\n * Deleting  COMMANDS FROM GROUPS")
+	// 	c.authorization.authSchema.groupCommandsDeleteCommand("grp_cmds_C_GROUP_A", "ls -lt")
+	//
+	// 	fmt.Println("\n * Deleting  COMMAND GROUP")
+	// 	c.authorization.authSchema.groupCommandDeleteGroup("grp_cmds_C_GROUP_B")
+	// }
+
+	//{
+	//	fmt.Println("\n --------- GROUP, add nodes to a group, and apply acl's --------")
+	//	c.authorization.authSchema.groupNodesAddNode("grp_nodes_operators", "operator1")
+	//	c.authorization.authSchema.groupNodesAddNode("grp_nodes_operators", "operator2")
+	//
+	//	c.authorization.authSchema.groupNodesAddNode("grp_nodes_group100", "ship100")
+	//	c.authorization.authSchema.groupNodesAddNode("grp_nodes_group100", "ship101")
+	//	c.authorization.authSchema.groupNodesAddNode("grp_nodes_group100", "ship102")
+	//
+	//	c.authorization.authSchema.groupCommandsAddCommand("grp_cmds_1", "dmesg")
+	//
+	//	// Also add a non group user
+	//	c.authorization.authSchema.aclCommandAdd("grp_nodes_group100", "admin", "useradd -m kongen")
+	//	// c.authorization.authSchema.aclNodeFromnodeCommandAdd("grp_nodes_group100", "operator1", "useradd -m dmesg")
+	//	// c.authorization.authSchema.aclNodeFromnodeCommandAdd("grp_nodes_group100", "grp_nodes_operators", "dmesg")
+	//	c.authorization.authSchema.aclCommandAdd("grp_nodes_group100", "grp_nodes_operators", "grp_cmds_1")
+	//	fmt.Println("\n --------- END OF GROUP NODES ADD NODE TESTING ----------")
+	//}
+
+	//c.printMaps()
+
+	// {
+	// 	fmt.Println("\n --------- GROUP, on all nodes, delete the command for operator1 --------")
+	// 	c.authorization.authSchema.aclNodeFromNodeCommandDelete("grp_nodes_group100", "operator1", "useradd -m operator")
+	//
+	// 	fmt.Println("\n --------- END ----------")
+	// }
+	//
+	// c.printMaps()
+
+	// {
+	// 	fmt.Println("\n --------- GROUP, on all nodes, delete fromnode operator1 --------")
+	// 	c.authorization.authSchema.aclNodeFromnodeDelete("grp_nodes_group100", "operator1")
+	//
+	// 	fmt.Println("\n --------- END OF DELETE A FROMNODE ----------")
+	// }
+	//
+	// c.printMaps()
+
+	//{
+	//	fmt.Println("\n --------- GROUP, delete node from group --------")
+	//	c.authorization.authSchema.groupNodesDeleteNode("grp_nodes_group100", "ship100")
+	//	c.authorization.authSchema.generateJSONForAllNodes()
+	//
+	//	fmt.Println("\n --------- END OF DELETE A FROMNODE ----------")
+	//}
+	//
+	//c.printMaps()
+
+}

doc/concept/auth/main_test.go

@@ -0,0 +1,230 @@
+package main
+
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"log"
+	"testing"
+)
+
+// Set the default logging functionality of the package to false.
+var logging = flag.Bool("logging", true, "set to true to enable the normal logger of the package")
+
+func TestACLSingleNode(t *testing.T) {
+	if !*logging {
+		log.SetOutput(io.Discard)
+	}
+
+	c := newCentralAuth()
+	c.authorization.authSchema.aclCommandAdd("ship101", "admin", "HORSE")
+	c.authorization.authSchema.aclCommandAdd("ship101", "admin", "PIG")
+
+	// --- TESTS ---
+
+	mapOfFromNodeCommands := make(map[node]map[command]struct{})
+	err := json.Unmarshal(c.authorization.authSchema.schemaGenerated.NodeMap["ship101"].Data, &mapOfFromNodeCommands)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fmt.Printf(" DEBUG : mapOfFromNodeCommands: %v\n", mapOfFromNodeCommands)
+
+	if _, ok := mapOfFromNodeCommands["admin"]["HORSE"]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+
+	if _, ok := mapOfFromNodeCommands["admin"]["PIG"]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+}
+
+func TestACLWithGroups(t *testing.T) {
+	if !*logging {
+		log.SetOutput(io.Discard)
+	}
+
+	c := newCentralAuth()
+
+	const (
+		grp_nodes_operators  = "grp_nodes_operators"
+		grp_nodes_ships      = "grp_nodes_ships"
+		grp_cmds_commandset1 = "grp_cmds_commandset1"
+	)
+
+	c.authorization.authSchema.groupNodesAddNode(grp_nodes_operators, "operator1")
+	c.authorization.authSchema.groupNodesAddNode(grp_nodes_operators, "operator2")
+
+	c.authorization.authSchema.groupNodesAddNode(grp_nodes_ships, "ship100")
+	c.authorization.authSchema.groupNodesAddNode(grp_nodes_ships, "ship101")
+
+	c.authorization.authSchema.groupCommandsAddCommand(grp_cmds_commandset1, "dmesg")
+	c.authorization.authSchema.groupCommandsAddCommand(grp_cmds_commandset1, "date")
+
+	c.authorization.authSchema.aclCommandAdd(grp_nodes_ships, "admin", "useradd -m kongen")
+	c.authorization.authSchema.aclCommandAdd("ship101", "admin", "HORSE")
+
+	c.authorization.authSchema.aclCommandAdd(grp_nodes_ships, grp_nodes_operators, grp_cmds_commandset1)
+
+	// --- Tests ---
+
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap[grp_nodes_ships][grp_nodes_operators][grp_cmds_commandset1]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+
+	// Also check the generated data for the nodes.
+
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap[grp_nodes_ships]["admin"]["useradd -m kongen"]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+
+	mapOfFromNodeCommands := make(map[node]map[command]struct{})
+	err := json.Unmarshal(c.authorization.authSchema.schemaGenerated.NodeMap["ship101"].Data, &mapOfFromNodeCommands)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fmt.Printf(" DEBUG : mapOfFromNodeCommands: %v\n", mapOfFromNodeCommands)
+
+	if _, ok := mapOfFromNodeCommands["admin"]["useradd -m kongen"]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+
+	if _, ok := mapOfFromNodeCommands["operator1"]["dmesg"]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+
+	if _, ok := mapOfFromNodeCommands["operator1"]["date"]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+
+	if _, ok := mapOfFromNodeCommands["operator2"]["dmesg"]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+
+	if _, ok := mapOfFromNodeCommands["operator2"]["date"]; !ok {
+		t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	}
+
+	// // TODO: Check why this one fails
+	// if _, ok := mapOfFromNodeCommands["admin"]["HORSE"]; !ok {
+	// 	t.Fatal(" \U0001F631  [FAILED]: missing map entry")
+	// }
+
+}
+
+func TestACLSingleNodeAndNodeGroup(t *testing.T) {
+	if !*logging {
+		log.SetOutput(io.Discard)
+	}
+
+	c := newCentralAuth()
+
+	c.authorization.authSchema.aclCommandAdd("ship101", "admin", "HORSE")
+
+	c.authorization.authSchema.groupNodesAddNode("grp_nodes_ships", "ship101")
+	c.authorization.authSchema.aclCommandAdd("grp_nodes_ships", "admin", "HEN")
+
+	// --- TESTS ---
+
+	mapOfFromNodeCommands := make(map[node]map[command]struct{})
+	err := json.Unmarshal(c.authorization.authSchema.schemaGenerated.NodeMap["ship101"].Data, &mapOfFromNodeCommands)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fmt.Printf(" DEBUG : mapOfFromNodeCommands: %+v\n", mapOfFromNodeCommands)
+
+	//if _, ok := mapOfFromNodeCommands["admin"]["PIG"]; !ok {
+	//	t.Fatalf(" \U0001F631  [FAILED]: missing map entry: PIG: Content of Map: %v", mapOfFromNodeCommands)
+	//}
+
+	if _, ok := mapOfFromNodeCommands["admin"]["HORSE"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: HORSE: Content of Map: %v", mapOfFromNodeCommands)
+	}
+
+	if _, ok := mapOfFromNodeCommands["admin"]["HEN"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: HEN: Content of Map: %v", mapOfFromNodeCommands)
+
+	}
+}
+
+func TestSchemaMainACLMap(t *testing.T) {
+	if !*logging {
+		log.SetOutput(io.Discard)
+	}
+
+	c := newCentralAuth()
+
+	//c.authorization.authSchema.aclNodeFromnodeCommandAdd("ship101", "admin", "PIG")
+	fmt.Printf("---------------ADDING COMMAND-------------\n")
+	c.authorization.authSchema.aclCommandAdd("ship0", "admin", "systemctl")
+	c.authorization.authSchema.aclCommandAdd("ship1", "admin", "tcpdump")
+
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship0, admin, systemctl")
+	}
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+
+	fmt.Printf("---------------ADDING COMMAND-------------\n")
+	c.authorization.authSchema.groupNodesAddNode("grp_nodes_ships", "ship1")
+	c.authorization.authSchema.groupNodesAddNode("grp_nodes_ships", "ship2")
+	c.authorization.authSchema.aclCommandAdd("grp_nodes_ships", "admin", "dmesg")
+
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["grp_nodes_ships"]["admin"]["dmesg"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+
+	fmt.Printf("---------------ADDING COMMAND-------------\n")
+	c.authorization.authSchema.aclCommandAdd("ship2", "admin", "echo")
+
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+
+	fmt.Printf("---------------DELETING COMMAND grp_nodes_ships, admin, dmesg-------------\n")
+	c.authorization.authSchema.aclCommandDelete("grp_nodes_ships", "admin", "dmesg")
+
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["grp_nodes_ships"]["admin"]["dmesg"]; ok {
+		t.Fatalf(" \U0001F631  [FAILED]: found map entry: grp_nodes_ships, admin, dmesg")
+	}
+	// Check that the remaining are still ok.
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship0, admin, systemctl")
+	}
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+
+	fmt.Printf("---------------DELETING COMMAND ship0, admin, systemctl-------------\n")
+	c.authorization.authSchema.aclCommandDelete("ship0", "admin", "systemctl")
+
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship0, admin, systemctl")
+	}
+	// Check that the remaining are ok.
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+
+	fmt.Printf("---------------DELETING SOURCE ship1, admin-------------\n")
+	c.authorization.authSchema.aclSourceDelete("ship1", "admin")
+
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship1"]["admin"]; ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+	// Check that the remaining are ok.
+	if _, ok := c.authorization.authSchema.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
+		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
+	}
+	// --- TESTS ---
+}

doc/concept/auth/old

@@ -0,0 +1,257 @@
+package main
+
+import (
+	"crypto/sha256"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+)
+
+// generateJSONForNode will generate a json encoded representation of the node specific
+// map values of authSchema, along with a hash of the data.
+func (a *authSchema) OLDgenerateJSONForNode(hostNodeOrGroup node) error {
+	fmt.Printf("--------------------ENTERING generateJSONForNode------------------------\n")
+
+	// First generate hash value of the current map[fromNodes]map[command]struct{}
+	// ---------------------------------------------------------------------------
+
+	// Create a sorted slice representation of the map, which will look the same
+	// at all times unless the map is changed. This is so we can create the same
+	// hash and don't have to worry about the order the data is represented in
+	// the map. With other words, we need a slice representation to guarantee the
+	// order, since with a map we can not guarantee the order.
+	fromNodesSlice := a.nodeMapToSlice(hostNodeOrGroup)
+	//fmt.Printf(" * generateJSONForNode:ACLMap for nodeName=%v: %+v\n", hostNodeOrGroup, a.schemaMain.ACLMap[hostNodeOrGroup])
+	//fmt.Printf(" * generateJSONForNode:fromNodesSlice: %+v\n", fromNodesSlice)
+
+	jsonFromNodesSlice, err := json.Marshal(fromNodesSlice)
+	if err != nil {
+		err := fmt.Errorf("error: authSchema, json for hash:  %v", err)
+		log.Printf("%v\n", err)
+		return err
+	}
+
+	hash := sha256.Sum256(jsonFromNodesSlice)
+
+	// Generate a JSON representation of the current map[fromNodes]map[command]struct{}
+	// that will be sent to nodes, and store this alongside the hash value.
+
+	// ------------------------------------------------------------------------------------------------------
+
+	// We need to convert the node field to a slice to handle if a group is specified,
+	// so we can update the generated map for each indivial host.
+	hostNodes := a.convertNodeToNodeSlice(hostNodeOrGroup)
+	mapOfFromNodeCommands := make(map[node]map[command]struct{})
+
+	// If nodeHost was a group we need loop for each hostnode element the ACL is for.
+	for _, n := range hostNodes {
+		//fmt.Printf("---------nodes iteration, n=%v, where func_nodeName=%v\n", n, hostNodeOrGroup)
+
+		//fmt.Printf(" *** DEBUG1: generateJSONForNode: func_variable_nodeName=%v, n=%v, ACLMap=%v\n", hostNodeOrGroup, n, a.schemaMain.ACLMap)
+
+		//REMOVED:mapOfFromNodeCommands := make(map[node]map[command]struct{})
+
+		//fmt.Printf(" *** DEBUG2:  generateJSONForNode: mapOfFromNodeCommands: %v\n\n", mapOfFromNodeCommands)
+		//fmt.Printf(" * generateJSONForNode: ACLMap for node=%v: %+v\n", hostNodeOrGroup, a.schemaMain.ACLMap[hostNodeOrGroup])
+
+		// TODO: If the node is a group node, we also need to get eventual single ACL for that node,
+		//		 and also the also the other way around.
+
+		// Get the fromNode and the commandMap
+		for fromNodeOrGroup, commandMap := range a.schemaMain.ACLMap[n] {
+			//fmt.Printf(" * fnOrig=%v, commandMapOrig=%v\n", fromNodeOrGroup, commandMap)
+
+			// Convert the fromnode into a slice, and expand if it is a group entry
+			fromNodeSlice := a.convertNodeToNodeSlice(fromNodeOrGroup)
+			//fmt.Printf(" * fnConvToSlice=%v\n", fromNodeSlice)
+
+			// Range the slice of expanded fromnodes
+			// For each of the exanded from nodes, we create a new entry in the new map.
+			for _, fromNodeSingle := range fromNodeSlice {
+				//fmt.Printf(" ** fnFromSlice=%v\n", fromNodeSingle)
+				mapOfFromNodeCommands[fromNodeSingle] = make(map[command]struct{})
+
+				// Get the command map entry for the current fromNode
+				for c, _ := range commandMap {
+
+					// Convert the command into a slice, and expand if it is a group entry
+					cmdConvToSlice := a.convertCommandToCommandSlice(c)
+					// fmt.Printf(" *** Before converting to slice, map contains: %v\n", cmdOrig)
+					// fmt.Printf(" *** cmdConvToSlice=%v\n", cmdConvToSlice)
+
+					// Get the actual command.
+					for _, cmdFromSlice := range cmdConvToSlice {
+						// fmt.Printf(" **** cmdFromSlice=%v\n", cmdFromSlice)
+						mapOfFromNodeCommands[fromNodeSingle][cmdFromSlice] = struct{}{}
+					}
+				}
+			}
+		}
+
+		// fmt.Printf(" ***** mapOfFromNodeCommands=%+v\n", mapOfFromNodeCommands)
+
+		// For all iterations, and both for single nodes and group expanded nodes we
+		// want to marshal the same data value as the generated data.
+		// jsonFromNodes, err := json.Marshal(a.schemaMain.NodeMap[nodeName])
+		jsonFromNodes, err := json.Marshal(mapOfFromNodeCommands)
+		if err != nil {
+			err := fmt.Errorf("error: authSchema, json for schemafromnodes: %v", err)
+			log.Printf("%v\n", err)
+			return err
+		}
+
+		// Save the data in the generated map using the unique n got'n from each iteration.
+		a.schemaGenerated.mu.Lock()
+		a.schemaGenerated.NodeMap[n] = NodeDataWithHash{
+			Data: jsonFromNodes,
+			Hash: hash,
+		}
+		a.schemaGenerated.mu.Unlock()
+
+		//fmt.Printf("\n * generateJSONForNode: hash %v, json:%+v\n", hash, string(jsonFromNodes))
+		fmt.Printf("\n * generateJSONForNode: hostNode=%v, json:%+v\n", n, string(jsonFromNodes))
+
+	}
+	return nil
+}
+
+// convertNodeToNodeSlice will convert the given argument into a slice representation.
+// If the argument is a group, then all the members of that group will be expanded into
+// the slice.
+// If the argument is not a group kind of value, then only a slice with that single
+// value is returned.
+func (a *authSchema) OLDconvertNodeToNodeSlice(n node) []node {
+	nodes := []node{}
+
+	// Check if we are given a nodeGroup variable, and if we are, get all the
+	// nodes for that group.
+	if strings.HasPrefix(string(n), "grp_nodes_") {
+		nodes = append(nodes, n)
+		for nd := range a.schemaMain.NodeGroupMap[nodeGroup(n)] {
+			nodes = append(nodes, nd)
+		}
+	} else {
+		// No group found meaning a single node was given as an argument, so we
+		// just put the single node given as the only value in the slice.
+		nodes = []node{n}
+	}
+
+	fmt.Printf(" * DEBUG: nodes contains, %v\n", nodes)
+
+	return nodes
+
+	//nodes := []node{}
+	//
+	//// Check if we are given a nodeGroup variable, and if we are, get all the
+	//// nodes for that group.
+	//if strings.HasPrefix(string(n), "grp_nodes_") {
+	//	for nd := range a.schemaMain.NodeGroupMap[nodeGroup(n)] {
+	//		nodes = append(nodes, nd)
+	//	}
+	//} else {
+	//	// No group found meaning a single node was given as an argument, so we
+	//	// just put the single node given as the only value in the slice.
+	//	nodes = []node{n}
+	//}
+	//
+	//return nodes
+}
+
+// NB: Last example before going for generateall instead
+//
+// generateJSONForNode will generate a json encoded representation of the node specific
+// map values of authSchema, along with a hash of the data.
+func (a *authSchema) generateJSONForHostOrGroup(hostNodeOrGroup node) error {
+	fmt.Printf("-----------------NEW COMMAND ADDED, running generateJSONForHostOrGroup-------------------\n")
+	fmt.Printf("ACLMap=%+v\n", a.schemaMain.ACLMap)
+	// Expand eventual groups
+	hostNodesAndGroups := a.convertGRPToHostnamesOnly(hostNodeOrGroup)
+
+	ACLsToConvert := make(map[node]map[node]map[command]struct{})
+	// We need to range the slice to get all the ACL's for a host or group of hosts.
+	for _, n := range hostNodesAndGroups {
+		if ACLsToConvert[n] == nil {
+			ACLsToConvert[n] = make(map[node]map[command]struct{})
+		}
+		fmt.Printf("\n * Current hostNodesAndGroups=%v, n=%v\n", hostNodesAndGroups, n)
+		fmt.Printf(" * Found ACL for node=%v, ACL=%v\n", n, a.schemaMain.ACLMap[n])
+
+		for fnOrFg, cmdMapForFnOrFg := range a.schemaMain.ACLMap[n] {
+
+			for cmd, vv := range cmdMapForFnOrFg {
+
+				// Expand eventual groups, so we use real fromNode nodenames in ACL for nodes.
+				nds := a.convertGRPToHostnamesOnly(fnOrFg)
+				for _, fn := range nds {
+					if ACLsToConvert[n][fn] == nil {
+						ACLsToConvert[n][fn] = make(map[command]struct{})
+					}
+					ACLsToConvert[n][fn][cmd] = vv
+					fmt.Printf(" * Adding to map: When n=%v, ACLsToConvert[nn]=%v\n", n, ACLsToConvert[n])
+				}
+			}
+		}
+
+		//fmt.Printf(" * DEBUG: ACLsToConvert=%v\n", ACLsToConvert)
+
+	}
+
+	if strings.HasPrefix(string(hostNodeOrGroup), "grp_nodes_") {
+		fmt.Printf("\n THIS RUN IT IS A GROUP: %v\n\n", hostNodeOrGroup)
+	}
+
+	fmt.Printf("\n * ACLsToConvert=%v\n", ACLsToConvert)
+	fmt.Printf(" * schemaGenerated = %v\n", a.schemaGenerated.NodeMap)
+
+	// We only want to store JSON in the map under real names, not group names.
+	nds := a.convertGRPToHostnamesOnly(hostNodeOrGroup)
+	for _, n := range nds {
+
+		b, err := json.Marshal(ACLsToConvert[n])
+		if err != nil {
+			log.Printf("error: marshaling: %v\n", err)
+			return err
+		}
+
+		a.schemaGenerated.mu.Lock()
+		a.schemaGenerated.NodeMap[n] = NodeDataWithHash{
+			Data: b,
+			Hash: [32]byte{},
+		}
+		a.schemaGenerated.mu.Unlock()
+	}
+
+	return nil
+}
+
+// convertNodeToNodeSlice will convert the given argument into a slice representation.
+// If the argument is a group, then all the members of that group will be expanded into
+// the slice.
+// If the argument is not a group kind of value, then only a slice with that single
+// value is returned.
+func (a *authSchema) convToNodeSliceKeepGroup(n node) []node {
+	nodes := []node{}
+
+	// Check if we are given a nodeGroup variable, and if we are, get all the
+	// nodes for that group.
+	if strings.HasPrefix(string(n), "grp_nodes_") {
+		nodes = append(nodes, n)
+		for nd := range a.schemaMain.NodeGroupMap[nodeGroup(n)] {
+			nodes = append(nodes, nd)
+		}
+	} else {
+		// No group found meaning a single node was given as an argument.
+		nodes = []node{n}
+
+		//// Check if the node is a part of other groups.
+		//for ng, v := range a.schemaMain.NodeGroupMap {
+		//	if _, ok := v[n]; ok {
+		//		nodes = append(nodes, node(ng))
+		//	}
+		//}
+
+	}
+
+	return nodes
+}

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/fsnotify/fsnotify v1.4.9
 	github.com/fxamacker/cbor/v2 v2.3.1
 	github.com/gdamore/tcell/v2 v2.4.1-0.20210905002822-f057f0a857a1
+	github.com/go-playground/validator/v10 v10.10.1
 	github.com/hpcloud/tail v1.0.0
 	github.com/klauspost/compress v1.14.2
 	github.com/nats-io/nats-server/v2 v2.6.2
@@ -21,7 +22,10 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.1 // indirect
 	github.com/gdamore/encoding v1.0.0 // indirect
+	github.com/go-playground/locales v0.14.0 // indirect
+	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/golang/protobuf v1.4.3 // indirect
+	github.com/leodido/go-urn v1.2.1 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect

go.sum

@@ -10,6 +10,7 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -27,6 +28,14 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
+github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
+github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
+github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
+github.com/go-playground/validator/v10 v10.10.1 h1:uA0+amWMiglNZKZ9FJRKUAe9U3RX91eVn1JYXMWt7ig=
+github.com/go-playground/validator/v10 v10.10.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -62,11 +71,16 @@ github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
+github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
@@ -87,12 +101,7 @@ github.com/nats-io/jwt/v2 v2.2.1-0.20220113022732-58e87895b296 h1:vU9tpM3apjYlLL
 github.com/nats-io/jwt/v2 v2.2.1-0.20220113022732-58e87895b296/go.mod h1:0tqz9Hlu6bCBFLWAASKhE5vUA4c24L9KPUUgvwumE/k=
 github.com/nats-io/nats-server/v2 v2.6.2 h1:uMydiSENbgRPsXHBYDvVVVx1d0inut/zd+DvISIGCi8=
 github.com/nats-io/nats-server/v2 v2.6.2/go.mod h1:CNi6dJQ5H+vWqaoWKjCGtqBt7ai/xOTLiocUqhK6ews=
-github.com/nats-io/nats-server/v2 v2.7.2 h1:+LEN8m0+jdCkiGc884WnDuxR+qj80/5arj+szKuRpRI=
-github.com/nats-io/nats-server/v2 v2.7.2/go.mod h1:tckmrt0M6bVaDT3kmh9UrIq/CBOBBse+TpXQi5ldaa8=
-github.com/nats-io/nats.go v1.13.0 h1:LvYqRB5epIzZWQp6lmeltOOZNLqCvm4b+qfvzZO03HE=
 github.com/nats-io/nats.go v1.13.0/go.mod h1:BPko4oXsySz4aSWeFgOHLZs3G4Jq4ZAyE6/zMCxRT6w=
-github.com/nats-io/nats.go v1.13.1-0.20220121202836-972a071d373d h1:GRSmEJutHkdoxKsRypP575IIdoXe7Bm6yHQF6GcDBnA=
-github.com/nats-io/nats.go v1.13.1-0.20220121202836-972a071d373d/go.mod h1:BPko4oXsySz4aSWeFgOHLZs3G4Jq4ZAyE6/zMCxRT6w=
 github.com/nats-io/nats.go v1.14.0 h1:/QLCss4vQ6wvDpbqXucsVRDi13tFIR6kTdau+nXzKJw=
 github.com/nats-io/nats.go v1.14.0/go.mod h1:BPko4oXsySz4aSWeFgOHLZs3G4Jq4ZAyE6/zMCxRT6w=
 github.com/nats-io/nkeys v0.3.0 h1:cgM5tL53EvYRU+2YLXIK0G2mJtK12Ft9oeooSZMA2G8=
@@ -101,9 +110,11 @@ github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/pelletier/go-toml v1.8.1 h1:1Nf83orprkJyknT6h7zbuEGUEjcyVlCxSUGTENmNCRM=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
@@ -127,6 +138,9 @@ github.com/rivo/tview v0.0.0-20220106183741-90d72bc664f5 h1:n0qwaaNXgplKv5AeDIzp
 github.com/rivo/tview v0.0.0-20220106183741-90d72bc664f5/go.mod h1:WIfMkQNY+oq/mWwtsjOYHIZBuwthioY2srOmljJkTnk=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
@@ -135,6 +149,9 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0=
@@ -144,8 +161,7 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o=
 golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -155,6 +171,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -175,8 +192,10 @@ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -207,8 +226,11 @@ google.golang.org/protobuf v1.26.0-rc.1 h1:7QnIQpGRHE5RnLKnESfDoxm2dTapTZua5a0kS
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
@@ -218,5 +240,6 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=