Skip to content

Commit

Permalink
Merge pull request etcd-io#7958 from heyitsanthony/perm-prefix
Browse files Browse the repository at this point in the history
etcdctl: improve role --prefix flag
  • Loading branch information
Anthony Romano authored May 22, 2017
2 parents 378bac7 + 2f1467c commit f75e333
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 32 deletions.
19 changes: 18 additions & 1 deletion etcdctl/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -961,25 +961,42 @@ RPC: RoleGrantPermission

#### Options

- from-key -- grant a permission of keys that are greater than or equal to the given key using byte compare

- prefix -- grant a prefix permission

#### Ouptut
#### Output

`Role <role name> updated`.

#### Examples

Grant read and write permission on the key `foo` to role `myrole`:

```bash
./etcdctl --user=root:123 role grant-permission myrole readwrite foo
# Role myrole updated
```

Grant read permission on the wildcard key pattern `foo/*` to role `myrole`:

```bash
./etcdctl --user=root:123 role grant-permission --prefix myrole readwrite foo/
# Role myrole updated
```

### ROLE REVOKE-PERMISSION \<role name\> \<permission type\> \<key\> [endkey]

`role revoke-permission` revokes a key from a role.

RPC: RoleRevokePermission

#### Options

- from-key -- revoke a permission of keys that are greater than or equal to the given key using byte compare

- prefix -- revoke a prefix permission

#### Output

`Permission of key <key> is revoked from role <role name>` for single key. `Permission of range [<key>, <endkey>) is revoked from role <role name>` for a key range. Exit code is zero.
Expand Down
66 changes: 35 additions & 31 deletions etcdctl/ctlv3/command/role_command.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ import (
)

var (
grantPermissionPrefix bool
permFromKey bool
rolePermPrefix bool
rolePermFromKey bool
)

// NewRoleCommand returns the cobra command for "role".
Expand Down Expand Up @@ -83,8 +83,8 @@ func newRoleGrantPermissionCommand() *cobra.Command {
Run: roleGrantPermissionCommandFunc,
}

cmd.Flags().BoolVar(&grantPermissionPrefix, "prefix", false, "grant a prefix permission")
cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "grant a prefix permission")
cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")

return cmd
}
Expand All @@ -96,7 +96,8 @@ func newRoleRevokePermissionCommand() *cobra.Command {
Run: roleRevokePermissionCommandFunc,
}

cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "revoke a prefix permission")
cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "revoke a permission of keys that are greater than or equal to the given key using byte compare")

return cmd
}
Expand Down Expand Up @@ -169,27 +170,10 @@ func roleGrantPermissionCommandFunc(cmd *cobra.Command, args []string) {
ExitWithError(ExitBadArgs, err)
}

rangeEnd := ""
if 4 <= len(args) {
if grantPermissionPrefix {
ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --prefix option and range end to grant permission command"))
}

if permFromKey {
ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and range end to grant permission command"))
}

rangeEnd = args[3]
} else if grantPermissionPrefix {
if permFromKey {
ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and --prefix option to grant permission command"))
}

rangeEnd = clientv3.GetPrefixRangeEnd(args[2])
} else if permFromKey {
rangeEnd = "\x00"
rangeEnd, rerr := rangeEndFromPermFlags(args[2:])
if rerr != nil {
ExitWithError(ExitBadArgs, rerr)
}

resp, err := mustClientFromCmd(cmd).Auth.RoleGrantPermission(context.TODO(), args[0], args[2], rangeEnd, perm)
if err != nil {
ExitWithError(ExitError, err)
Expand All @@ -204,16 +188,36 @@ func roleRevokePermissionCommandFunc(cmd *cobra.Command, args []string) {
ExitWithError(ExitBadArgs, fmt.Errorf("role revoke-permission command requires role name and key [endkey] as its argument."))
}

rangeEnd := ""
if 3 <= len(args) {
rangeEnd = args[2]
} else if permFromKey {
rangeEnd = "\x00"
rangeEnd, rerr := rangeEndFromPermFlags(args[1:])
if rerr != nil {
ExitWithError(ExitBadArgs, rerr)
}

resp, err := mustClientFromCmd(cmd).Auth.RoleRevokePermission(context.TODO(), args[0], args[1], rangeEnd)
if err != nil {
ExitWithError(ExitError, err)
}
display.RoleRevokePermission(args[0], args[1], rangeEnd, *resp)
}

func rangeEndFromPermFlags(args []string) (string, error) {
if len(args) == 1 {
if rolePermPrefix {
if rolePermFromKey {
return "", fmt.Errorf("--from-key and --prefix flags are mutually exclusive")
}
return clientv3.GetPrefixRangeEnd(args[0]), nil
}
if rolePermFromKey {
return "\x00", nil
}
// single key case
return "", nil
}
if rolePermPrefix {
return "", fmt.Errorf("unexpected endkey argument with --prefix flag")
}
if rolePermFromKey {
return "", fmt.Errorf("unexpected endkey argument with --from-key flag")
}
return args[1], nil
}

0 comments on commit f75e333

Please sign in to comment.