package clientv3

import (
    "fmt"
    "strings"

    "github.com/coreos/etcd/auth/authpb"
    pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
    "golang.org/x/net/context"
    "google.golang.org/grpc"
)

type (
    AuthEnableResponse               pb.AuthEnableResponse
    AuthDisableResponse              pb.AuthDisableResponse
    AuthenticateResponse             pb.AuthenticateResponse
    AuthUserAddResponse              pb.AuthUserAddResponse
    AuthUserDeleteResponse           pb.AuthUserDeleteResponse
    AuthUserChangePasswordResponse   pb.AuthUserChangePasswordResponse
    AuthUserGrantRoleResponse        pb.AuthUserGrantRoleResponse
    AuthUserGetResponse              pb.AuthUserGetResponse
    AuthUserRevokeRoleResponse       pb.AuthUserRevokeRoleResponse
    AuthRoleAddResponse              pb.AuthRoleAddResponse
    AuthRoleGrantPermissionResponse  pb.AuthRoleGrantPermissionResponse
    AuthRoleGetResponse              pb.AuthRoleGetResponse
    AuthRoleRevokePermissionResponse pb.AuthRoleRevokePermissionResponse
    AuthRoleDeleteResponse           pb.AuthRoleDeleteResponse
    AuthUserListResponse             pb.AuthUserListResponse
    AuthRoleListResponse             pb.AuthRoleListResponse

    PermissionType authpb.Permission_Type
    Permission     authpb.Permission
)

const (
    PermRead      = authpb.READ
    PermWrite     = authpb.WRITE
    PermReadWrite = authpb.READWRITE
)

type Auth interface {
    // AuthEnable enables auth of an etcd cluster.
       //开启授权在 etcd集群中
    AuthEnable(ctx context.Context) (*AuthEnableResponse, error)

    // AuthDisable disables auth of an etcd cluster.
//关闭授权 在集群中
    AuthDisable(ctx context.Context) (*AuthDisableResponse, error)

    // UserAdd adds a new user to an etcd cluster.
//添加一个用户到集群中
    UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error)

    // UserDelete deletes a user from an etcd cluster.
//在集群中删除一个用户
    UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error)

    // UserChangePassword changes a password of a user.
//改变集群中一个用户密码
    UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error)

    // UserGrantRole grants a role to a user.
//授权一个角色给一个用户
    UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error)

    // UserGet gets a detailed information of a user.
//得到一个用户信息信息
    UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error)

    // UserList gets a list of all users.
    UserList(ctx context.Context) (*AuthUserListResponse, error)

    // UserRevokeRole revokes a role of a user.
//撤销一个用户的角色
    UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error)

    // RoleAdd adds a new role to an etcd cluster.
//在集群中 添加一个角色
    RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error)

    // RoleGrantPermission grants a permission to a role.
//授权给一个角色的操作权限
    RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error)

    // RoleGet gets a detailed information of a role.
//获取一个角色的详细信息
    RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error)

    // RoleList gets a list of all roles.
//获取集群中 所有的角色列表
    RoleList(ctx context.Context) (*AuthRoleListResponse, error)

    // RoleRevokePermission revokes a permission from a role.
//撤销一个角色对应的权限  与RoleGrantPermission  相反的操作
    RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error)

    // RoleDelete deletes a role.
//删除一个角色
    RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error)
}
//授权结构体
type auth struct {
    c *Client
    conn   *grpc.ClientConn // conn in-use
    remote pb.AuthClient
}
//新建一个授权对象
func NewAuth(c *Client) Auth {
    conn := c.ActiveConnection()
    return &auth{
        conn:   c.ActiveConnection(),
        remote: pb.NewAuthClient(conn),
        c:      c,
    }
}
//
func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
    resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{}, grpc.FailFast(false))
    return (*AuthEnableResponse)(resp), toErr(ctx, err)
}

func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {
    resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{}, grpc.FailFast(false))
    return (*AuthDisableResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserAdd(ctx context.Context, name string, password string) (*AuthUserAddResponse, error) {
    resp, err := auth.remote.UserAdd(ctx, &pb.AuthUserAddRequest{Name: name, Password: password})
    return (*AuthUserAddResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserDelete(ctx context.Context, name string) (*AuthUserDeleteResponse, error) {
    resp, err := auth.remote.UserDelete(ctx, &pb.AuthUserDeleteRequest{Name: name})
    return (*AuthUserDeleteResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserChangePassword(ctx context.Context, name string, password string) (*AuthUserChangePasswordResponse, error) {
    resp, err := auth.remote.UserChangePassword(ctx, &pb.AuthUserChangePasswordRequest{Name: name, Password: password})
    return (*AuthUserChangePasswordResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserGrantRole(ctx context.Context, user string, role string) (*AuthUserGrantRoleResponse, error) {
    resp, err := auth.remote.UserGrantRole(ctx, &pb.AuthUserGrantRoleRequest{User: user, Role: role})
    return (*AuthUserGrantRoleResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserGet(ctx context.Context, name string) (*AuthUserGetResponse, error) {
    resp, err := auth.remote.UserGet(ctx, &pb.AuthUserGetRequest{Name: name}, grpc.FailFast(false))
    return (*AuthUserGetResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserList(ctx context.Context) (*AuthUserListResponse, error) {
    resp, err := auth.remote.UserList(ctx, &pb.AuthUserListRequest{}, grpc.FailFast(false))
    return (*AuthUserListResponse)(resp), toErr(ctx, err)
}

func (auth *auth) UserRevokeRole(ctx context.Context, name string, role string) (*AuthUserRevokeRoleResponse, error) {
    resp, err := auth.remote.UserRevokeRole(ctx, &pb.AuthUserRevokeRoleRequest{Name: name, Role: role})
    return (*AuthUserRevokeRoleResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleAdd(ctx context.Context, name string) (*AuthRoleAddResponse, error) {
    resp, err := auth.remote.RoleAdd(ctx, &pb.AuthRoleAddRequest{Name: name})
    return (*AuthRoleAddResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleGrantPermission(ctx context.Context, name string, key, rangeEnd string, permType PermissionType) (*AuthRoleGrantPermissionResponse, error) {
    perm := &authpb.Permission{
        Key:      []byte(key),
        RangeEnd: []byte(rangeEnd),
        PermType: authpb.Permission_Type(permType),
    }
    resp, err := auth.remote.RoleGrantPermission(ctx, &pb.AuthRoleGrantPermissionRequest{Name: name, Perm: perm})
    return (*AuthRoleGrantPermissionResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleGet(ctx context.Context, role string) (*AuthRoleGetResponse, error) {
    resp, err := auth.remote.RoleGet(ctx, &pb.AuthRoleGetRequest{Role: role}, grpc.FailFast(false))
    return (*AuthRoleGetResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleList(ctx context.Context) (*AuthRoleListResponse, error) {
    resp, err := auth.remote.RoleList(ctx, &pb.AuthRoleListRequest{}, grpc.FailFast(false))
    return (*AuthRoleListResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleRevokePermission(ctx context.Context, role string, key, rangeEnd string) (*AuthRoleRevokePermissionResponse, error) {
    resp, err := auth.remote.RoleRevokePermission(ctx, &pb.AuthRoleRevokePermissionRequest{Role: role, Key: key, RangeEnd: rangeEnd})
    return (*AuthRoleRevokePermissionResponse)(resp), toErr(ctx, err)
}

func (auth *auth) RoleDelete(ctx context.Context, role string) (*AuthRoleDeleteResponse, error) {
    resp, err := auth.remote.RoleDelete(ctx, &pb.AuthRoleDeleteRequest{Role: role})
    return (*AuthRoleDeleteResponse)(resp), toErr(ctx, err)
}

func StrToPermissionType(s string) (PermissionType, error) {
    val, ok := authpb.Permission_Type_value[strings.ToUpper(s)]
    if ok {
        return PermissionType(val), nil
    }
    return PermissionType(-1), fmt.Errorf("invalid permission type: %s", s)
}

type authenticator struct {
    conn   *grpc.ClientConn // conn in-use
    remote pb.AuthClient
}

func (auth *authenticator) authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {
    resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password}, grpc.FailFast(false))
    return (*AuthenticateResponse)(resp), toErr(ctx, err)
}

func (auth *authenticator) close() {
    auth.conn.Close()
}

func newAuthenticator(endpoint string, opts []grpc.DialOption) (*authenticator, error) {
    conn, err := grpc.Dial(endpoint, opts...)
    if err != nil {
        return nil, err
    }

    return &authenticator{
        conn:   conn,
        remote: pb.NewAuthClient(conn),
    }, nil
}

auth.go的更多相关文章

  1. Laravel 5.3 auth中间件底层实现详解

    1. 注册认证中间件, 在文件 app/Http/Kernel.php 内完成: protected $routeMiddleware = [ 'auth' => \Illuminate\Aut ...

  2. httpclient进行basic auth认证

    private HttpClientContext context = HttpClientContext.create(); public void addUserOAuth(String user ...

  3. Apache增加Basic Auth

    在.htaccess文件中增加 AuthUserFile /var/www/htpasswd/test.htpasswd AuthName EnterPassword AuthType Basic r ...

  4. asp.net mvc api auth

    一.登录 /// <summary> /// 获取令牌 /// </summary> /// <param name="userName">用户 ...

  5. Send Push Notifications to iOS Devices using Xcode 8 and Swift 3, APNs Auth Key

    Send Push Notifications to iOS Devices using Xcode 8 and Swift 3 OCT 6, 2016 Push notifications are ...

  6. RBAC在thinkphp中有Auth类 可以很好的实现权限控制

    import('ORG.Util.Auth');//加载类库 $auth=new Auth(); if($auth->check('show_button',1)){// 第一个参数是规则名称, ...

  7. 智慧城市的【Auth】登录对象

    从Auth对象看前端:1.将与Auth对象相关的功能分离出来.所含的内容包括:[个人中心相关信息的显示,注册,登录,忘记密码,修改密码,个人信息修改]. 2.从“我的”页面开始,显示使用哪儿的数据,需 ...

  8. auth用户认证库

    关于auth库,建议如下:1. ion_auth,基于Redux重写而成,非常不错的认证库,国外用的很多,几个最新的ci2.0.2基础上的开源系统(如doveforum)都用它,支持ci 2.0和以上 ...

  9. Redis集群~StackExchange.Redis(10月6号版1.1.608.0)连接Twemproxy支持Auth指令了

    回到目录 对于StackExchange.Redis这个驱动来说,之前的版本在使用Proxy为Twemproxy代理时,它是不支持Password属性的,即不支持原始的Auth指令,而我也修改过源代码 ...

  10. Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.

    我是在flume向hdfs 写(sink)数据时遇到的这个错误. Server (是指hdfs) asks us to fall back to SIMPLE auth, but this clien ...

随机推荐

  1. 如何在Visual Studio 2017中使用C# 7+语法

    前言 之前不知看过哪位前辈的博文有点印象C# 7控制台开始支持执行异步方法,然后闲来无事,搞着,搞着没搞出来,然后就写了这篇博文,不喜勿喷,或许对您有帮助. 在Visual Studio 2017配置 ...

  2. 前端到docker入门

    Docker的诞生 我们总是会遇到测试对开发说项目又不work了,开发总说:在我电脑上是ok的阿. 项目组加了新人,我们就需要教新人配置各种开发环境,每换一台机器就要配置一次,每来一个新人就要配置一次 ...

  3. Linux部署集群.NET网站

    一.Linux下面安装需要软件 我们这里需要安装的软件有: 1) Mono 3.2.8 : C#跨平台编译器,能使.Net运行与Linux下,目前.net 4.0可以完美运行在该平台下 2) ngin ...

  4. maven jsp out.print()request.getParameter() 爆红

    如图: 解决方案: 在pom文件中添加依赖: <!-- https://mvnrepository.com/artifact/javax.servlet.jsp/jsp-api -->&l ...

  5. C语言编对双精度数保留一位小数

    /*第一题*/ #include<stdio.h> //输入1.2345 输出1.2000 //输入1.2547 输出1.3000 main(){ ; printf("请输入:\ ...

  6. 微信小程序UI组件、开发框架、实用库...

    UI组件 weui-wxss ★852 - 同微信原生视觉体验一致的基础样式库 Wa-UI ★122 - 针对微信小程序整合的一套UI库 wx-charts ★105 - 微信小程序图表工具 wema ...

  7. FOF 全面科普贴(转载)

    看过那么多 FOF 科普贴,这份最全面!告转之~ 来自:https://xueqiu.com/7692591808/81852994 [ 导言 ] 看过那么多FOF科普贴,这份最全面! 昨天下午,青果 ...

  8. 瞎捣鼓的code highlight

    int a ; int b; public int  a ;int b   char c; h2 { text-align: left;}.postTitle{ background-color:#F ...

  9. QPropertyAnimation实现图形,控件的旋转和位移动画,尤其是旋转

    QPropertyAnimation可以简单方便的实现对象的旋转和移动的动画效果. 1. 移动 Pixmap *item = new Pixmap(kineticPix); QPropertyAnim ...

  10. flask模板

    做为python web开发领域的一员,flask跟Django在很多地方用法以都是相似的,比如flask的模板 模板就是服务器端的页面,在模板中可以使用服务端的语法进行输出控制 1.模板的工作原理 ...