package clientv3

import (
    "fmt"
    "strings"

    "github.com/coreos/etcd/auth/authpb"
    pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
    "golang.org/x/net/context"
    "google.golang.org/grpc"
)

type (
    AuthEnableResponse               pb.AuthEnableResponse
    AuthDisableResponse              pb.AuthDisableResponse
    AuthenticateResponse             pb.AuthenticateResponse
    AuthUserAddResponse              pb.AuthUserAddResponse
    AuthUserDeleteResponse           pb.AuthUserDeleteResponse
    AuthUserChangePasswordResponse   pb.AuthUserChangePasswordResponse
    AuthUserGrantRoleResponse        pb.AuthUserGrantRoleResponse
    AuthUserGetResponse              pb.AuthUserGetResponse
    AuthUserRevokeRoleResponse       pb.AuthUserRevokeRoleResponse
    AuthRoleAddResponse              pb.AuthRoleAddResponse
    AuthRoleGrantPermissionResponse  pb.AuthRoleGrantPermissionResponse
    AuthRoleGetResponse              pb.AuthRoleGetResponse
    AuthRoleRevokePermissionResponse pb.AuthRoleRevokePermissionResponse
    AuthRoleDeleteResponse           pb.AuthRoleDeleteResponse
    AuthUserListResponse             pb.AuthUserListResponse
    AuthRoleListResponse             pb.AuthRoleListResponse

    PermissionType authpb.Permission_Type
    Permission     authpb.Permission
)

const (
    PermRead      = authpb.READ
    PermWrite     = authpb.WRITE
    PermReadWrite = authpb.READWRITE
)

type Auth interface {
    // AuthEnable enables auth of an etcd cluster.
       //开启授权在 etcd集群中
    AuthEnable(ctx context.Context) (*AuthEnableResponse, error)

    // AuthDisable disables auth of an etcd cluster.
//关闭授权 在集群中
    AuthDisable(ctx context.Context) (*AuthDisableResponse, error)

    // UserAdd adds a new user to an etcd cluster.
//添加一个用户到集群中
    UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error)

    // UserDelete deletes a user from an etcd cluster.
//在集群中删除一个用户
    UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error)

    // UserChangePassword changes a password of a user.
//改变集群中一个用户密码
    UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error)

    // UserGrantRole grants a role to a user.
//授权一个角色给一个用户
    UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error)

    // UserGet gets a detailed information of a user.
//得到一个用户信息信息
    UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error)

    // UserList gets a list of all users.
    UserList(ctx context.Context) (*AuthUserListResponse, error)

    // UserRevokeRole revokes a role of a user.
//撤销一个用户的角色
    UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error)

    // RoleAdd adds a new role to an etcd cluster.
//在集群中 添加一个角色
    RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error)

    // RoleGrantPermission grants a permission to a role.
//授权给一个角色的操作权限
    RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error)

    // RoleGet gets a detailed information of a role.
//获取一个角色的详细信息
    RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error)

    // RoleList gets a list of all roles.
//获取集群中 所有的角色列表
    RoleList(ctx context.Context) (*AuthRoleListResponse, error)

    // RoleRevokePermission revokes a permission from a role.
//撤销一个角色对应的权限  与RoleGrantPermission  相反的操作
    RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error)

    // RoleDelete deletes a role.
//删除一个角色
    RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error)
}
//授权结构体
type auth struct {
    c *Client
    conn   *grpc.ClientConn // conn in-use
    remote pb.AuthClient
}
//新建一个授权对象
func NewAuth(c *Client) Auth {
    conn := c.ActiveConnection()
    return &auth{
        conn:   c.ActiveConnection(),
        remote: pb.NewAuthClient(conn),
        c:      c,
    }
}
//
func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
    resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{}, grpc.FailFast(false))
    return (*AuthEnableResponse)(resp), toErr(ctx, err)
}

func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {
    resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{}, grpc.FailFast(false))
    return (*AuthDisableResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error) {
    resp, err := auth.remote.UserAdd(ctx, &pb.AuthUserAddRequest{Name: name, Password: password})
    return (*AuthUserAddResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error) {
    resp, err := auth.remote.UserDelete(ctx, &pb.AuthUserDeleteRequest{Name: name})
    return (*AuthUserDeleteResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error) {
    resp, err := auth.remote.UserChangePassword(ctx, &pb.AuthUserChangePasswordRequest{Name: name, Password: password})
    return (*AuthUserChangePasswordResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error) {
    resp, err := auth.remote.UserGrantRole(ctx, &pb.AuthUserGrantRoleRequest{User: user, Role: role})
    return (*AuthUserGrantRoleResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error) {
    resp, err := auth.remote.UserGet(ctx, &pb.AuthUserGetRequest{Name: name}, grpc.FailFast(false))
    return (*AuthUserGetResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserList(ctx context.Context) (*AuthUserListResponse, error) {
    resp, err := auth.remote.UserList(ctx, &pb.AuthUserListRequest{}, grpc.FailFast(false))
    return (*AuthUserListResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error) {
    resp, err := auth.remote.UserRevokeRole(ctx, &pb.AuthUserRevokeRoleRequest{Name: name, Role: role})
    return (*AuthUserRevokeRoleResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error) {
    resp, err := auth.remote.RoleAdd(ctx, &pb.AuthRoleAddRequest{Name: name})
    return (*AuthRoleAddResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error) {
    perm := &authpb.Permission{
        Key:      []byte(key),
        RangeEnd: []byte(rangeEnd),
        PermType: authpb.Permission_Type(permType),
    }
    resp, err := auth.remote.RoleGrantPermission(ctx, &pb.AuthRoleGrantPermissionRequest{Name: name, Perm: perm})
    return (*AuthRoleGrantPermissionResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error) {
    resp, err := auth.remote.RoleGet(ctx, &pb.AuthRoleGetRequest{Role: role}, grpc.FailFast(false))
    return (*AuthRoleGetResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleList(ctx context.Context) (*AuthRoleListResponse, error) {
    resp, err := auth.remote.RoleList(ctx, &pb.AuthRoleListRequest{}, grpc.FailFast(false))
    return (*AuthRoleListResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error) {
    resp, err := auth.remote.RoleRevokePermission(ctx, &pb.AuthRoleRevokePermissionRequest{Role: role, Key: key, RangeEnd: rangeEnd})
    return (*AuthRoleRevokePermissionResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error) {
    resp, err := auth.remote.RoleDelete(ctx, &pb.AuthRoleDeleteRequest{Role: role})
    return (*AuthRoleDeleteResponse)(resp), toErr(ctx, err)
}

func StrToPermissionType(s string) (PermissionType, error) {
    val, ok := authpb.Permission_Type_value[strings.ToUpper(s)]
    if ok {
        return PermissionType(val), nil
    }
    return PermissionType(-1), fmt.Errorf("invalid permission type: %s", s)
}

type authenticator struct {
    conn   *grpc.ClientConn // conn in-use
    remote pb.AuthClient
}

func (auth *authenticator) authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {
    resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password}, grpc.FailFast(false))
    return (*AuthenticateResponse)(resp), toErr(ctx, err)
}

func (auth *authenticator) close() {
    auth.conn.Close()
}

func newAuthenticator(endpoint string, opts []grpc.DialOption) (*authenticator, error) {
    conn, err := grpc.Dial(endpoint, opts...)
    if err != nil {
        return nil, err
    }

    return &authenticator{
        conn:   conn,
        remote: pb.NewAuthClient(conn),
    }, nil
}

auth.go的更多相关文章

  1. Laravel 5.3 auth中间件底层实现详解

    1. 注册认证中间件, 在文件 app/Http/Kernel.php 内完成: protected $routeMiddleware = [ 'auth' => \Illuminate\Aut ...

  2. httpclient进行basic auth认证

    private HttpClientContext context = HttpClientContext.create(); public void addUserOAuth(String user ...

  3. Apache增加Basic Auth

    在.htaccess文件中增加 AuthUserFile /var/www/htpasswd/test.htpasswd AuthName EnterPassword AuthType Basic r ...

  4. asp.net mvc api auth

    一.登录 /// <summary> /// 获取令牌 /// </summary> /// <param name="userName">用户 ...

  5. Send Push Notifications to iOS Devices using Xcode 8 and Swift 3, APNs Auth Key

    Send Push Notifications to iOS Devices using Xcode 8 and Swift 3 OCT 6, 2016 Push notifications are ...

  6. RBAC在thinkphp中有Auth类 可以很好的实现权限控制

    import('ORG.Util.Auth');//加载类库 $auth=new Auth(); if($auth->check('show_button',1)){// 第一个参数是规则名称, ...

  7. 智慧城市的【Auth】登录对象

    从Auth对象看前端:1.将与Auth对象相关的功能分离出来.所含的内容包括:[个人中心相关信息的显示,注册,登录,忘记密码,修改密码,个人信息修改]. 2.从“我的”页面开始,显示使用哪儿的数据,需 ...

  8. auth用户认证库

    关于auth库,建议如下:1. ion_auth,基于Redux重写而成,非常不错的认证库,国外用的很多,几个最新的ci2.0.2基础上的开源系统(如doveforum)都用它,支持ci 2.0和以上 ...

  9. Redis集群~StackExchange.Redis(10月6号版1.1.608.0)连接Twemproxy支持Auth指令了

    回到目录 对于StackExchange.Redis这个驱动来说,之前的版本在使用Proxy为Twemproxy代理时,它是不支持Password属性的,即不支持原始的Auth指令,而我也修改过源代码 ...

  10. Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.

    我是在flume向hdfs 写(sink)数据时遇到的这个错误. Server (是指hdfs) asks us to fall back to SIMPLE auth, but this clien ...

随机推荐

  1. ruby 2.x.x之新特性散谈

    ruby入门看的是经典的<ruby编程语言>,可是那描述的是v1.9的老版本啊!下面聊一下ruby2.x.x的新特性,x是0-n都有可能啊. 1.关键字参数(Keyword argumen ...

  2. angular4 ionic3 app

    对于angular系列来说,从2到4仅仅是版本号的变更,绝大部分都是兼容的.  如果按照规范编写代码,一般来说是没有问题的. 学习angular4     快速入门参考  https://www.an ...

  3. 如何让DIV中的文字垂直居中

    var h = $("div").innerHeight(); $("#text").css("font-size", h); $(&quo ...

  4. webpack 4.x 遇到的错误

    由于之前重装电脑,很多之前的小Demo 现在都跑不起来.特别是webpack一直在报错. webpack 安装node 全局安装webpack,webpack-cli(一定要全局安装) 项目初始化 w ...

  5. javascript学习笔记(四) Number 数字类型

    数字格式化方法toFixed().toExponential().toPrecision(),三个方法都四舍五入 toFixed() 方法指定小数位个数  toExponential() 方法 用科学 ...

  6. Spring温故而知新 - bean的装配(续)

    按条件装配bean 就是当满足特定的条件时Spring容器才创建Bean,Spring中通过@Conditional注解来实现条件化配置bean package com.sl.ioc; import ...

  7. Kotlin : Retrofit + RxAndroid + Realm

    https://jqs7.com/kotlin-retrofit-rxandroid-realm/ 原作者:Ahmed Rizwan 原文链接:Kotlin : Retrofit + RxAndroi ...

  8. PYTHON练习题 二. 使用random中的randint函数随机生成一个1~100之间的预设整数让用户键盘输入所猜的数。

    Python 练习 标签: Python Python练习题 Python知识点 二. 使用random中的randint函数随机生成一个1~100之间的预设整数让用户键盘输入所猜的数,如果大于预设的 ...

  9. Lintcode399 Nuts & Bolts Problem solution 题解

    [题目描述] Given a set of n nuts of different sizes and n bolts of different sizes. There is a one-one m ...

  10. ambari安装集群下安装kafka manager

    简介: 不想通过kafka shell来管理kafka已创建的topic信息,想通过管理页面来统一管理和查看kafka集群.所以选择了大部分人使用的kafka manager,我一共有一台主机mast ...