Permalink
Browse files

Merge pull request #437 from basho/adt-security-enable

Implement riak security enable/disable/status
  • Loading branch information...
2 parents d5f1bcf + 23bd5a4 commit 22c8c2c0c772535688a65c436545a3c51239f386 @Vagabond Vagabond committed Dec 24, 2013
Showing with 63 additions and 5 deletions.
  1. +3 −1 src/riak_core_app.erl
  2. +19 −1 src/riak_core_console.erl
  3. +41 −3 src/riak_core_security.erl
@@ -91,7 +91,9 @@ start(_StartType, _StartArgs) ->
riak_core_capability:register({riak_core, fold_req_version},
[v2, v1],
v1),
-
+ riak_core_capability:register({riak_core, security},
+ [true, false],
+ false),
{ok, Pid};
{error, Reason} ->
{error, Reason}
@@ -25,7 +25,8 @@
clear_staged/1, transfer_limit/1, pending_claim_percentage/2,
transfers/1, add_user/1, alter_user/1, del_user/1,
add_source/1, del_source/1, grant/1, revoke/1,
- print_users/1, print_user/1, print_sources/1, ciphers/1]).
+ print_users/1, print_user/1, print_sources/1,
+ security_enable/1, security_disable/1, security_status/1, ciphers/1]).
%% @doc Return for a given ring and node, percentage currently owned and
%% anticipated after the transitions have been completed.
@@ -1003,6 +1004,23 @@ ciphers([CipherList]) ->
error
end.
+security_enable([]) ->
+ riak_core_security:enable().
+
+security_disable([]) ->
+ riak_core_security:disable().
+
+security_status([]) ->
+ case riak_core_security:status() of
+ enabled ->
+ io:format("Enabled~n");
+ disabled ->
+ io:format("Disabled~n");
+ enabled_but_no_capability ->
+ io:format("WARNING: Configured to be enabled, but not supported "
+ "on all nodes so it is disabled!~n")
+ end.
+
parse_options(Options) ->
parse_options(Options, []).
@@ -26,7 +26,7 @@
-export([authenticate/3, add_user/2, alter_user/2, del_user/1,
add_source/4, del_source/2,
add_grant/3, add_revoke/3, check_permission/2, check_permissions/2,
- get_username/1, is_enabled/0,
+ get_username/1, is_enabled/0, enable/0, disable/0, status/0,
get_ciphers/0, set_ciphers/1, print_ciphers/0]).
%% TODO add rm_source, API to deactivate/remove users
@@ -505,8 +505,27 @@ del_source(User, CIDR) ->
is_enabled() ->
- %% TODO this should be some kind of capability or cluster-wide config
- app_helper:get_env(riak_core, security, false).
+ case riak_core_capability:get({riak_core, security}) of
+ true ->
+ case riak_core_metadata:get({<<"security">>, <<"status">>},
+ enabled) of
+ true ->
+ true;
+ _ ->
+ false
+ end;
+ _ ->
+ false
+ end.
+
+enable() ->
+ case riak_core_capability:get({riak_core, security}) of
+ true ->
+ riak_core_metadata:put({<<"security">>, <<"status">>},
+ enabled, true);
+ false ->
+ not_supported
+ end.
get_ciphers() ->
case riak_core_metadata:get({<<"security">>, <<"config">>}, ciphers) of
@@ -542,6 +561,25 @@ set_ciphers(CipherList) ->
ok
end.
+disable() ->
+ riak_core_metadata:put({<<"security">>, <<"status">>},
+ enabled, false).
+
+status() ->
+ Enabled = riak_core_metadata:get({<<"security">>, <<"status">>}, enabled,
+ [{default, false}]),
+ case Enabled of
+ true ->
+ case riak_core_capability:get({riak_core, security}) of
+ true ->
+ enabled;
+ _ ->
+ enabled_but_no_capability
+ end;
+ _ ->
+ disabled
+ end.
+
%% ============
%% INTERNAL
%% ============

0 comments on commit 22c8c2c

Please sign in to comment.