server/service/rbac/dao/account_dao.go - servicecomb-service-center - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 //Package rbac is dao layer API to help service center manage account, policy and role info
 package dao

 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"github.com/apache/servicecomb-service-center/pkg/etcdsync"
 	"github.com/apache/servicecomb-service-center/pkg/log"
 	"github.com/apache/servicecomb-service-center/pkg/privacy"
 	"github.com/apache/servicecomb-service-center/pkg/rbacframe"
 	"github.com/apache/servicecomb-service-center/pkg/util"
 	"github.com/apache/servicecomb-service-center/server/core"
 	"github.com/apache/servicecomb-service-center/server/service/kv"
 )

 var ErrDuplicated = errors.New("account is duplicated")
 var ErrCanNotEdit = errors.New("account can not be edited")

 //CreateAccount save 2 kv
 //1. account info
 func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	lock, err := etcdsync.Lock("/account-creating/"+a.Name, -1, false)
 	if err != nil {
 		return fmt.Errorf("account %s is creating", a.Name)
 	}
 	defer func() {
 		err := lock.Unlock()
 		if err != nil {
 			log.Errorf(err, "can not release account lock")
 		}
 	}()
 	key := core.GenerateAccountKey(a.Name)
 	exist, err := kv.Exist(ctx, key)
 	if err != nil {
 		log.Errorf(err, "can not save account info")
 		return err
 	}
 	if exist {
 		return ErrDuplicated
 	}
 	hash, err := privacy.ScryptPassword(a.Password)
 	if err != nil {
 		log.Errorf(err, "pwd hash failed")
 		return err
 	}
 	a.Password = hash
 	a.ID = util.GenerateUUID()
 	value, err := json.Marshal(a)
 	if err != nil {
 		log.Errorf(err, "account info is invalid")
 		return err
 	}
 	err = kv.PutBytes(ctx, key, value)
 	if err != nil {
 		log.Errorf(err, "can not save account info")
 		return err
 	}
 	log.Info("create new account: " + a.ID)
 	return nil
 }

 func GetAccount(ctx context.Context, name string) (*rbacframe.Account, error) {
 	key := core.GenerateAccountKey(name)
 	r, err := kv.Get(ctx, key)
 	if err != nil {
 		log.Errorf(err, "can not get account info")
 		return nil, err
 	}
 	a := &rbacframe.Account{}
 	err = json.Unmarshal(r.Value, a)
 	if err != nil {
 		log.Errorf(err, "account info format invalid")
 		return nil, err
 	}
 	return a, nil
 }
 func ListAccount(ctx context.Context) ([]*rbacframe.Account, int64, error) {
 	key := core.GenerateAccountKey("")
 	r, n, err := kv.List(ctx, key)
 	if err != nil {
 		log.Errorf(err, "can not get account info")
 		return nil, 0, err
 	}
 	as := make([]*rbacframe.Account, 0, n)
 	for _, v := range r {
 		a := &rbacframe.Account{}
 		err = json.Unmarshal(v.Value, a)
 		if err != nil {
 			log.Error("account info format invalid:", err)
 			continue //do not fail if some account is invalid
 		}
 		a.Password = ""
 		as = append(as, a)
 	}
 	return as, n, nil
 }
 func AccountExist(ctx context.Context, name string) (bool, error) {
 	exist, err := kv.Exist(ctx, core.GenerateAccountKey(name))
 	if err != nil {
 		log.Errorf(err, "can not get account info")
 		return false, err
 	}
 	return exist, nil
 }
 func DeleteAccount(ctx context.Context, name string) (bool, error) {
 	exist, err := kv.Delete(ctx, core.GenerateAccountKey(name))
 	if err != nil {
 		log.Errorf(err, "can not get account info")
 		return false, err
 	}
 	log.Info("account is deleted")
 	return exist, nil
 }

 //CreateAccount save 2 kv
 //1. account info
 func EditAccount(ctx context.Context, a *rbacframe.Account) error {
 	key := core.GenerateAccountKey(a.Name)
 	exist, err := kv.Exist(ctx, key)
 	if err != nil {
 		log.Errorf(err, "can not edit account info")
 		return err
 	}
 	if !exist {
 		return ErrCanNotEdit
 	}

 	value, err := json.Marshal(a)
 	if err != nil {
 		log.Errorf(err, "account info is invalid")
 		return err
 	}
 	err = kv.PutBytes(ctx, key, value)
 	if err != nil {
 		log.Errorf(err, "can not edit account info")
 		return err
 	}
 	log.Info("account is edit")
 	return nil
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	//Package rbac is dao layer API to help service center manage account, policy and role info
	package dao

	import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"github.com/apache/servicecomb-service-center/pkg/etcdsync"
	"github.com/apache/servicecomb-service-center/pkg/log"
	"github.com/apache/servicecomb-service-center/pkg/privacy"
	"github.com/apache/servicecomb-service-center/pkg/rbacframe"
	"github.com/apache/servicecomb-service-center/pkg/util"
	"github.com/apache/servicecomb-service-center/server/core"
	"github.com/apache/servicecomb-service-center/server/service/kv"
	)

	var ErrDuplicated = errors.New("account is duplicated")
	var ErrCanNotEdit = errors.New("account can not be edited")

	//CreateAccount save 2 kv
	//1. account info
	func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
	lock, err := etcdsync.Lock("/account-creating/"+a.Name, -1, false)
	if err != nil {
	return fmt.Errorf("account %s is creating", a.Name)
	}
	defer func() {
	err := lock.Unlock()
	if err != nil {
	log.Errorf(err, "can not release account lock")
	}
	}()
	key := core.GenerateAccountKey(a.Name)
	exist, err := kv.Exist(ctx, key)
	if err != nil {
	log.Errorf(err, "can not save account info")
	return err
	}
	if exist {
	return ErrDuplicated
	}
	hash, err := privacy.ScryptPassword(a.Password)
	if err != nil {
	log.Errorf(err, "pwd hash failed")
	return err
	}
	a.Password = hash
	a.ID = util.GenerateUUID()
	value, err := json.Marshal(a)
	if err != nil {
	log.Errorf(err, "account info is invalid")
	return err
	}
	err = kv.PutBytes(ctx, key, value)
	if err != nil {
	log.Errorf(err, "can not save account info")
	return err
	}
	log.Info("create new account: " + a.ID)
	return nil
	}

	func GetAccount(ctx context.Context, name string) (*rbacframe.Account, error) {
	key := core.GenerateAccountKey(name)
	r, err := kv.Get(ctx, key)
	if err != nil {
	log.Errorf(err, "can not get account info")
	return nil, err
	}
	a := &rbacframe.Account{}
	err = json.Unmarshal(r.Value, a)
	if err != nil {
	log.Errorf(err, "account info format invalid")
	return nil, err
	}
	return a, nil
	}
	func ListAccount(ctx context.Context) ([]*rbacframe.Account, int64, error) {
	key := core.GenerateAccountKey("")
	r, n, err := kv.List(ctx, key)
	if err != nil {
	log.Errorf(err, "can not get account info")
	return nil, 0, err
	}
	as := make([]*rbacframe.Account, 0, n)
	for _, v := range r {
	a := &rbacframe.Account{}
	err = json.Unmarshal(v.Value, a)
	if err != nil {
	log.Error("account info format invalid:", err)
	continue //do not fail if some account is invalid
	}
	a.Password = ""
	as = append(as, a)
	}
	return as, n, nil
	}
	func AccountExist(ctx context.Context, name string) (bool, error) {
	exist, err := kv.Exist(ctx, core.GenerateAccountKey(name))
	if err != nil {
	log.Errorf(err, "can not get account info")
	return false, err
	}
	return exist, nil
	}
	func DeleteAccount(ctx context.Context, name string) (bool, error) {
	exist, err := kv.Delete(ctx, core.GenerateAccountKey(name))
	if err != nil {
	log.Errorf(err, "can not get account info")
	return false, err
	}
	log.Info("account is deleted")
	return exist, nil
	}

	//CreateAccount save 2 kv
	//1. account info
	func EditAccount(ctx context.Context, a *rbacframe.Account) error {
	key := core.GenerateAccountKey(a.Name)
	exist, err := kv.Exist(ctx, key)
	if err != nil {
	log.Errorf(err, "can not edit account info")
	return err
	}
	if !exist {
	return ErrCanNotEdit
	}

	value, err := json.Marshal(a)
	if err != nil {
	log.Errorf(err, "account info is invalid")
	return err
	}
	err = kv.PutBytes(ctx, key, value)
	if err != nil {
	log.Errorf(err, "can not edit account info")
	return err
	}
	log.Info("account is edit")
	return nil
	}