package clientv3

import (
    "fmt"
    "strings"

    "github.com/coreos/etcd/auth/authpb"
    pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
    "golang.org/x/net/context"
    "google.golang.org/grpc"
)

type (
    AuthEnableResponse               pb.AuthEnableResponse
    AuthDisableResponse              pb.AuthDisableResponse
    AuthenticateResponse             pb.AuthenticateResponse
    AuthUserAddResponse              pb.AuthUserAddResponse
    AuthUserDeleteResponse           pb.AuthUserDeleteResponse
    AuthUserChangePasswordResponse   pb.AuthUserChangePasswordResponse
    AuthUserGrantRoleResponse        pb.AuthUserGrantRoleResponse
    AuthUserGetResponse              pb.AuthUserGetResponse
    AuthUserRevokeRoleResponse       pb.AuthUserRevokeRoleResponse
    AuthRoleAddResponse              pb.AuthRoleAddResponse
    AuthRoleGrantPermissionResponse  pb.AuthRoleGrantPermissionResponse
    AuthRoleGetResponse              pb.AuthRoleGetResponse
    AuthRoleRevokePermissionResponse pb.AuthRoleRevokePermissionResponse
    AuthRoleDeleteResponse           pb.AuthRoleDeleteResponse
    AuthUserListResponse             pb.AuthUserListResponse
    AuthRoleListResponse             pb.AuthRoleListResponse

    PermissionType authpb.Permission_Type
    Permission     authpb.Permission
)

const (
    PermRead      = authpb.READ
    PermWrite     = authpb.WRITE
    PermReadWrite = authpb.READWRITE
)

type Auth interface {
    // AuthEnable enables auth of an etcd cluster.
       //开启授权在 etcd集群中
    AuthEnable(ctx context.Context) (*AuthEnableResponse, error)

    // AuthDisable disables auth of an etcd cluster.
//关闭授权 在集群中
    AuthDisable(ctx context.Context) (*AuthDisableResponse, error)

    // UserAdd adds a new user to an etcd cluster.
//添加一个用户到集群中
    UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error)

    // UserDelete deletes a user from an etcd cluster.
//在集群中删除一个用户
    UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error)

    // UserChangePassword changes a password of a user.
//改变集群中一个用户密码
    UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error)

    // UserGrantRole grants a role to a user.
//授权一个角色给一个用户
    UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error)

    // UserGet gets a detailed information of a user.
//得到一个用户信息信息
    UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error)

    // UserList gets a list of all users.
    UserList(ctx context.Context) (*AuthUserListResponse, error)

    // UserRevokeRole revokes a role of a user.
//撤销一个用户的角色
    UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error)

    // RoleAdd adds a new role to an etcd cluster.
//在集群中 添加一个角色
    RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error)

    // RoleGrantPermission grants a permission to a role.
//授权给一个角色的操作权限
    RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error)

    // RoleGet gets a detailed information of a role.
//获取一个角色的详细信息
    RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error)

    // RoleList gets a list of all roles.
//获取集群中 所有的角色列表
    RoleList(ctx context.Context) (*AuthRoleListResponse, error)

    // RoleRevokePermission revokes a permission from a role.
//撤销一个角色对应的权限  与RoleGrantPermission  相反的操作
    RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error)

    // RoleDelete deletes a role.
//删除一个角色
    RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error)
}
//授权结构体
type auth struct {
    c *Client
    conn   *grpc.ClientConn // conn in-use
    remote pb.AuthClient
}
//新建一个授权对象
func NewAuth(c *Client) Auth {
    conn := c.ActiveConnection()
    return &auth{
        conn:   c.ActiveConnection(),
        remote: pb.NewAuthClient(conn),
        c:      c,
    }
}
//
func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
    resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{}, grpc.FailFast(false))
    return (*AuthEnableResponse)(resp), toErr(ctx, err)
}

func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {
    resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{}, grpc.FailFast(false))
    return (*AuthDisableResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error) {
    resp, err := auth.remote.UserAdd(ctx, &pb.AuthUserAddRequest{Name: name, Password: password})
    return (*AuthUserAddResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error) {
    resp, err := auth.remote.UserDelete(ctx, &pb.AuthUserDeleteRequest{Name: name})
    return (*AuthUserDeleteResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error) {
    resp, err := auth.remote.UserChangePassword(ctx, &pb.AuthUserChangePasswordRequest{Name: name, Password: password})
    return (*AuthUserChangePasswordResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error) {
    resp, err := auth.remote.UserGrantRole(ctx, &pb.AuthUserGrantRoleRequest{User: user, Role: role})
    return (*AuthUserGrantRoleResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error) {
    resp, err := auth.remote.UserGet(ctx, &pb.AuthUserGetRequest{Name: name}, grpc.FailFast(false))
    return (*AuthUserGetResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserList(ctx context.Context) (*AuthUserListResponse, error) {
    resp, err := auth.remote.UserList(ctx, &pb.AuthUserListRequest{}, grpc.FailFast(false))
    return (*AuthUserListResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error) {
    resp, err := auth.remote.UserRevokeRole(ctx, &pb.AuthUserRevokeRoleRequest{Name: name, Role: role})
    return (*AuthUserRevokeRoleResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error) {
    resp, err := auth.remote.RoleAdd(ctx, &pb.AuthRoleAddRequest{Name: name})
    return (*AuthRoleAddResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error) {
    perm := &authpb.Permission{
        Key:      []byte(key),
        RangeEnd: []byte(rangeEnd),
        PermType: authpb.Permission_Type(permType),
    }
    resp, err := auth.remote.RoleGrantPermission(ctx, &pb.AuthRoleGrantPermissionRequest{Name: name, Perm: perm})
    return (*AuthRoleGrantPermissionResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error) {
    resp, err := auth.remote.RoleGet(ctx, &pb.AuthRoleGetRequest{Role: role}, grpc.FailFast(false))
    return (*AuthRoleGetResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleList(ctx context.Context) (*AuthRoleListResponse, error) {
    resp, err := auth.remote.RoleList(ctx, &pb.AuthRoleListRequest{}, grpc.FailFast(false))
    return (*AuthRoleListResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error) {
    resp, err := auth.remote.RoleRevokePermission(ctx, &pb.AuthRoleRevokePermissionRequest{Role: role, Key: key, RangeEnd: rangeEnd})
    return (*AuthRoleRevokePermissionResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error) {
    resp, err := auth.remote.RoleDelete(ctx, &pb.AuthRoleDeleteRequest{Role: role})
    return (*AuthRoleDeleteResponse)(resp), toErr(ctx, err)
}

func StrToPermissionType(s string) (PermissionType, error) {
    val, ok := authpb.Permission_Type_value[strings.ToUpper(s)]
    if ok {
        return PermissionType(val), nil
    }
    return PermissionType(-1), fmt.Errorf("invalid permission type: %s", s)
}

type authenticator struct {
    conn   *grpc.ClientConn // conn in-use
    remote pb.AuthClient
}

func (auth *authenticator) authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {
    resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password}, grpc.FailFast(false))
    return (*AuthenticateResponse)(resp), toErr(ctx, err)
}

func (auth *authenticator) close() {
    auth.conn.Close()
}

func newAuthenticator(endpoint string, opts []grpc.DialOption) (*authenticator, error) {
    conn, err := grpc.Dial(endpoint, opts...)
    if err != nil {
        return nil, err
    }

    return &authenticator{
        conn:   conn,
        remote: pb.NewAuthClient(conn),
    }, nil
}

auth.go的更多相关文章

  1. Laravel 5.3 auth中间件底层实现详解

    1. 注册认证中间件, 在文件 app/Http/Kernel.php 内完成: protected $routeMiddleware = [ 'auth' => \Illuminate\Aut ...

  2. httpclient进行basic auth认证

    private HttpClientContext context = HttpClientContext.create(); public void addUserOAuth(String user ...

  3. Apache增加Basic Auth

    在.htaccess文件中增加 AuthUserFile /var/www/htpasswd/test.htpasswd AuthName EnterPassword AuthType Basic r ...

  4. asp.net mvc api auth

    一.登录 /// <summary> /// 获取令牌 /// </summary> /// <param name="userName">用户 ...

  5. Send Push Notifications to iOS Devices using Xcode 8 and Swift 3, APNs Auth Key

    Send Push Notifications to iOS Devices using Xcode 8 and Swift 3 OCT 6, 2016 Push notifications are ...

  6. RBAC在thinkphp中有Auth类 可以很好的实现权限控制

    import('ORG.Util.Auth');//加载类库 $auth=new Auth(); if($auth->check('show_button',1)){// 第一个参数是规则名称, ...

  7. 智慧城市的【Auth】登录对象

    从Auth对象看前端:1.将与Auth对象相关的功能分离出来.所含的内容包括:[个人中心相关信息的显示,注册,登录,忘记密码,修改密码,个人信息修改]. 2.从“我的”页面开始,显示使用哪儿的数据,需 ...

  8. auth用户认证库

    关于auth库,建议如下:1. ion_auth,基于Redux重写而成,非常不错的认证库,国外用的很多,几个最新的ci2.0.2基础上的开源系统(如doveforum)都用它,支持ci 2.0和以上 ...

  9. Redis集群~StackExchange.Redis(10月6号版1.1.608.0)连接Twemproxy支持Auth指令了

    回到目录 对于StackExchange.Redis这个驱动来说,之前的版本在使用Proxy为Twemproxy代理时,它是不支持Password属性的,即不支持原始的Auth指令,而我也修改过源代码 ...

  10. Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.

    我是在flume向hdfs 写(sink)数据时遇到的这个错误. Server (是指hdfs) asks us to fall back to SIMPLE auth, but this clien ...

随机推荐

  1. javaScript(3)---语法、关键保留字及变量

    学习要点: 1.语法构成 2.关键字保留字 3.变量 任何语言的核心都必然会描述这门语言最基本的工作原理.而JavaScript的语言核心就是ECMAScript 一.语法构成 区分大小写:ECMAS ...

  2. Java——接口

    被interface修饰的类,叫接口接口里的方法都是抽象的,不能实现.用implements关键字可以让一个类来实现该接口.接口:一个类在继承另一个类的同时.还可以实现多个接口.接口的出现避免了单继承 ...

  3. golang升级

    系统安装软件一般在/usr/share,可执行的文件在/usr/bin,配置文件可能安装到了/etc下等. 文档一般在 /usr/share 可执行文件 /usr/bin 配置文件 /etc lib文 ...

  4. unity零基础开始学习做游戏(三)鼠标输入,来个虚拟摇杆怎么样?

    -------小基原创,转载请给我一个面子 现在移动游戏越来越火,大家都拿手机平板玩游戏,没有键盘和手柄输入,所以就不得不看看虚拟摇杆怎么搞?(小基对于没有实体反馈不是很喜欢呢) 首先要清楚,鼠标操作 ...

  5. Centos 7安装python3

    纯傻瓜式步骤,保证成功. 下面的操作,按照步骤来就可以了,不要在中途cd 到别的文件目录下,要想查看效果可以用 lsj加上对应的目录,不需要切换进去. 首先不管你当前在哪个目录下,输入以下命令. [r ...

  6. C语言中函数中传入一个数组,并且返回一个数组

    一.C语言可以很容易将一个数组传递给一个自定义函数,格式如下: main() { adb(float a[],int n); } float adb(float a[],int n) { …… ret ...

  7. MQTT入手笔记(二)

    Mosquitto是一个实现了MQTT3.1协议的代理服务器,由MQTT协议创始人之一的Andy Stanford-Clark开发,它为我们提供了非常棒的轻量级数据交换的解决方案.本文的主旨在于记录M ...

  8. 在C# 中 如何限制在文本框(textBox)中输入的类型为正整数

    在文本框的 KeyPress 事件中写下这些代码就可以保证是正整数了 private void textBox1_KeyPress(object sender, KeyPressEventArgs e ...

  9. Python_自定义有向图

    directedGraph.py class DirectedGraph(object): def __init__(self,d): if isinstance(d,dict): self.__gr ...

  10. popup_layer插件示例

    导入popup_layer.js插件 设置好显示的div: <div class="main" id="showImg" style="disp ...