datasource/etcd/account.go - servicecomb-service-center - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package etcd

 import (
 	"context"
 	"encoding/json"
 	"strconv"
 	"time"

 	crbac "github.com/go-chassis/cari/rbac"
 	"github.com/go-chassis/foundation/stringutil"
 	"github.com/little-cui/etcdadpt"

 	"github.com/apache/servicecomb-service-center/datasource"
 	"github.com/apache/servicecomb-service-center/datasource/etcd/path"
 	esync "github.com/apache/servicecomb-service-center/datasource/etcd/sync"
 	"github.com/apache/servicecomb-service-center/datasource/rbac"
 	"github.com/apache/servicecomb-service-center/pkg/log"
 )

 func init() {
 	rbac.Install("etcd", NewRbacDAO)
 	rbac.Install("embeded_etcd", NewRbacDAO)
 	rbac.Install("embedded_etcd", NewRbacDAO)
 }

 func NewRbacDAO(_ rbac.Options) (rbac.DAO, error) {
 	return &RbacDAO{}, nil
 }

 type RbacDAO struct {
 }

 func (ds *RbacDAO) CreateAccount(ctx context.Context, a *crbac.Account) error {
 	exist, err := ds.AccountExist(ctx, a.Name)
 	if err != nil {
 		log.Error("can not save account info", err)
 		return err
 	}
 	if exist {
 		return rbac.ErrAccountDuplicated
 	}

 	opts, err := GenAccountOpts(a, etcdadpt.ActionPut)
 	if err != nil {
 		log.Error("", err)
 		return err
 	}
 	syncOpts, err := esync.GenCreateOpts(ctx, datasource.ResourceAccount, a)
 	if err != nil {
 		log.Error("fail to create sync opts", err)
 		return err
 	}
 	opts = append(opts, syncOpts...)
 	err = etcdadpt.Txn(ctx, opts)
 	if err != nil {
 		log.Error("can not save account info", err)
 		return err
 	}
 	log.Info("create new account: " + a.ID)
 	return nil
 }

 func GenAccountOpts(a *crbac.Account, action etcdadpt.Action) ([]etcdadpt.OpOptions, error) {
 	opts := make([]etcdadpt.OpOptions, 0)
 	value, err := json.Marshal(a)
 	if err != nil {
 		log.Error("account info is invalid", err)
 		return nil, err
 	}
 	opts = append(opts, etcdadpt.OpOptions{
 		Key:    stringutil.Str2bytes(path.GenerateAccountKey(a.Name)),
 		Value:  value,
 		Action: action,
 	})
 	for _, r := range a.Roles {
 		opt := etcdadpt.OpOptions{
 			Key:    stringutil.Str2bytes(path.GenRoleAccountIdxKey(r, a.Name)),
 			Action: action,
 		}
 		opts = append(opts, opt)
 	}

 	return opts, nil
 }

 func (ds *RbacDAO) AccountExist(ctx context.Context, name string) (bool, error) {
 	return etcdadpt.Exist(ctx, path.GenerateRBACAccountKey(name))
 }
 func (ds *RbacDAO) GetAccount(ctx context.Context, name string) (*crbac.Account, error) {
 	kv, err := etcdadpt.Get(ctx, path.GenerateRBACAccountKey(name))
 	if err != nil {
 		return nil, err
 	}
 	if kv == nil {
 		return nil, rbac.ErrAccountNotExist
 	}
 	account := &crbac.Account{}
 	err = json.Unmarshal(kv.Value, account)
 	if err != nil {
 		log.Error("account info format invalid", err)
 		return nil, err
 	}
 	ds.compatibleOldVersionAccount(account)
 	return account, nil
 }

 func (ds *RbacDAO) compatibleOldVersionAccount(a *crbac.Account) {
 	// old version use Role, now use Roles
 	// Role/Roles will not exist at the same time
 	if len(a.Role) == 0 {
 		return
 	}
 	a.Roles = []string{a.Role}
 	a.Role = ""
 }

 func (ds *RbacDAO) ListAccount(ctx context.Context) ([]*crbac.Account, int64, error) {
 	kvs, n, err := etcdadpt.List(ctx, path.GenerateRBACAccountKey(""))
 	if err != nil {
 		return nil, 0, err
 	}
 	accounts := make([]*crbac.Account, 0, n)
 	for _, v := range kvs {
 		a := &crbac.Account{}
 		err = json.Unmarshal(v.Value, a)
 		if err != nil {
 			log.Error("account info format invalid:", err)
 			continue //do not fail if some account is invalid
 		}
 		a.Password = ""
 		ds.compatibleOldVersionAccount(a)
 		accounts = append(accounts, a)
 	}
 	return accounts, n, nil
 }
 func (ds *RbacDAO) DeleteAccount(ctx context.Context, names []string) (bool, error) {
 	if len(names) == 0 {
 		return false, nil
 	}
 	var allOpts []etcdadpt.OpOptions
 	for _, name := range names {
 		a, err := ds.GetAccount(ctx, name)
 		if err != nil {
 			log.Error("", err)
 			continue //do not fail if some account is invalid
 		}
 		if a == nil {
 			log.Warn("can not find account")
 			continue
 		}
 		opts, err := GenAccountOpts(a, etcdadpt.ActionDelete)
 		if err != nil {
 			log.Error("", err)
 			continue //do not fail if some account is invalid

 		}
 		allOpts = append(allOpts, opts...)
 		syncOpts, err := esync.GenDeleteOpts(ctx, datasource.ResourceAccount, a.Name, a)
 		if err != nil {
 			log.Error("fail to create sync opts", err)
 			return false, err
 		}
 		allOpts = append(allOpts, syncOpts...)
 	}
 	err := etcdadpt.Txn(ctx, allOpts)
 	if err != nil {
 		log.Error(rbac.ErrDeleteAccountFailed.Error(), err)
 		return false, err
 	}
 	return true, nil
 }

 func (ds *RbacDAO) UpdateAccount(ctx context.Context, _ string, account *crbac.Account) error {
 	var (
 		opts []etcdadpt.OpOptions
 		err  error
 	)

 	account.UpdateTime = strconv.FormatInt(time.Now().Unix(), 10)

 	opts, err = GenAccountOpts(account, etcdadpt.ActionPut)
 	if err != nil {
 		log.Error("GenAccountOpts failed", err)
 		return err
 	}

 	old, err := ds.GetAccount(ctx, account.Name)
 	if err != nil {
 		log.Error("GetAccount failed", err)
 		return err
 	}

 	for _, r := range old.Roles {
 		if hasRole(account, r) {
 			continue
 		}
 		opt := etcdadpt.OpOptions{
 			Key:    stringutil.Str2bytes(path.GenRoleAccountIdxKey(r, old.Name)),
 			Action: etcdadpt.ActionDelete,
 		}
 		opts = append(opts, opt)
 	}
 	syncOpts, err := esync.GenUpdateOpts(ctx, datasource.ResourceAccount, account)
 	if err != nil {
 		log.Error("fail to create sync opts", err)
 		return err
 	}
 	opts = append(opts, syncOpts...)
 	err = etcdadpt.Txn(ctx, opts)
 	if err != nil {
 		log.Error("BatchCommit failed", err)
 	}
 	return err
 }

 func hasRole(account *crbac.Account, r string) bool {
 	for _, n := range account.Roles {
 		if r == n {
 			return true
 		}
 	}
 	return false
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package etcd

	import (
	"context"
	"encoding/json"
	"strconv"
	"time"

	crbac "github.com/go-chassis/cari/rbac"
	"github.com/go-chassis/foundation/stringutil"
	"github.com/little-cui/etcdadpt"

	"github.com/apache/servicecomb-service-center/datasource"
	"github.com/apache/servicecomb-service-center/datasource/etcd/path"
	esync "github.com/apache/servicecomb-service-center/datasource/etcd/sync"
	"github.com/apache/servicecomb-service-center/datasource/rbac"
	"github.com/apache/servicecomb-service-center/pkg/log"
	)

	func init() {
	rbac.Install("etcd", NewRbacDAO)
	rbac.Install("embeded_etcd", NewRbacDAO)
	rbac.Install("embedded_etcd", NewRbacDAO)
	}

	func NewRbacDAO(_ rbac.Options) (rbac.DAO, error) {
	return &RbacDAO{}, nil
	}

	type RbacDAO struct {
	}

	func (ds RbacDAO) CreateAccount(ctx context.Context, a crbac.Account) error {
	exist, err := ds.AccountExist(ctx, a.Name)
	if err != nil {
	log.Error("can not save account info", err)
	return err
	}
	if exist {
	return rbac.ErrAccountDuplicated
	}

	opts, err := GenAccountOpts(a, etcdadpt.ActionPut)
	if err != nil {
	log.Error("", err)
	return err
	}
	syncOpts, err := esync.GenCreateOpts(ctx, datasource.ResourceAccount, a)
	if err != nil {
	log.Error("fail to create sync opts", err)
	return err
	}
	opts = append(opts, syncOpts...)
	err = etcdadpt.Txn(ctx, opts)
	if err != nil {
	log.Error("can not save account info", err)
	return err
	}
	log.Info("create new account: " + a.ID)
	return nil
	}

	func GenAccountOpts(a *crbac.Account, action etcdadpt.Action) ([]etcdadpt.OpOptions, error) {
	opts := make([]etcdadpt.OpOptions, 0)
	value, err := json.Marshal(a)
	if err != nil {
	log.Error("account info is invalid", err)
	return nil, err
	}
	opts = append(opts, etcdadpt.OpOptions{
	Key: stringutil.Str2bytes(path.GenerateAccountKey(a.Name)),
	Value: value,
	Action: action,
	})
	for _, r := range a.Roles {
	opt := etcdadpt.OpOptions{
	Key: stringutil.Str2bytes(path.GenRoleAccountIdxKey(r, a.Name)),
	Action: action,
	}
	opts = append(opts, opt)
	}

	return opts, nil
	}

	func (ds *RbacDAO) AccountExist(ctx context.Context, name string) (bool, error) {
	return etcdadpt.Exist(ctx, path.GenerateRBACAccountKey(name))
	}
	func (ds RbacDAO) GetAccount(ctx context.Context, name string) (crbac.Account, error) {
	kv, err := etcdadpt.Get(ctx, path.GenerateRBACAccountKey(name))
	if err != nil {
	return nil, err
	}
	if kv == nil {
	return nil, rbac.ErrAccountNotExist
	}
	account := &crbac.Account{}
	err = json.Unmarshal(kv.Value, account)
	if err != nil {
	log.Error("account info format invalid", err)
	return nil, err
	}
	ds.compatibleOldVersionAccount(account)
	return account, nil
	}

	func (ds RbacDAO) compatibleOldVersionAccount(a crbac.Account) {
	// old version use Role, now use Roles
	// Role/Roles will not exist at the same time
	if len(a.Role) == 0 {
	return
	}
	a.Roles = []string{a.Role}
	a.Role = ""
	}

	func (ds RbacDAO) ListAccount(ctx context.Context) ([]crbac.Account, int64, error) {
	kvs, n, err := etcdadpt.List(ctx, path.GenerateRBACAccountKey(""))
	if err != nil {
	return nil, 0, err
	}
	accounts := make([]*crbac.Account, 0, n)
	for _, v := range kvs {
	a := &crbac.Account{}
	err = json.Unmarshal(v.Value, a)
	if err != nil {
	log.Error("account info format invalid:", err)
	continue //do not fail if some account is invalid
	}
	a.Password = ""
	ds.compatibleOldVersionAccount(a)
	accounts = append(accounts, a)
	}
	return accounts, n, nil
	}
	func (ds *RbacDAO) DeleteAccount(ctx context.Context, names []string) (bool, error) {
	if len(names) == 0 {
	return false, nil
	}
	var allOpts []etcdadpt.OpOptions
	for _, name := range names {
	a, err := ds.GetAccount(ctx, name)
	if err != nil {
	log.Error("", err)
	continue //do not fail if some account is invalid
	}
	if a == nil {
	log.Warn("can not find account")
	continue
	}
	opts, err := GenAccountOpts(a, etcdadpt.ActionDelete)
	if err != nil {
	log.Error("", err)
	continue //do not fail if some account is invalid

	}
	allOpts = append(allOpts, opts...)
	syncOpts, err := esync.GenDeleteOpts(ctx, datasource.ResourceAccount, a.Name, a)
	if err != nil {
	log.Error("fail to create sync opts", err)
	return false, err
	}
	allOpts = append(allOpts, syncOpts...)
	}
	err := etcdadpt.Txn(ctx, allOpts)
	if err != nil {
	log.Error(rbac.ErrDeleteAccountFailed.Error(), err)
	return false, err
	}
	return true, nil
	}

	func (ds RbacDAO) UpdateAccount(ctx context.Context, _ string, account crbac.Account) error {
	var (
	opts []etcdadpt.OpOptions
	err error
	)

	account.UpdateTime = strconv.FormatInt(time.Now().Unix(), 10)

	opts, err = GenAccountOpts(account, etcdadpt.ActionPut)
	if err != nil {
	log.Error("GenAccountOpts failed", err)
	return err
	}

	old, err := ds.GetAccount(ctx, account.Name)
	if err != nil {
	log.Error("GetAccount failed", err)
	return err
	}

	for _, r := range old.Roles {
	if hasRole(account, r) {
	continue
	}
	opt := etcdadpt.OpOptions{
	Key: stringutil.Str2bytes(path.GenRoleAccountIdxKey(r, old.Name)),
	Action: etcdadpt.ActionDelete,
	}
	opts = append(opts, opt)
	}
	syncOpts, err := esync.GenUpdateOpts(ctx, datasource.ResourceAccount, account)
	if err != nil {
	log.Error("fail to create sync opts", err)
	return err
	}
	opts = append(opts, syncOpts...)
	err = etcdadpt.Txn(ctx, opts)
	if err != nil {
	log.Error("BatchCommit failed", err)
	}
	return err
	}

	func hasRole(account *crbac.Account, r string) bool {
	for _, n := range account.Roles {
	if r == n {
	return true
	}
	}
	return false
	}