Implement riak security enable/disable/status
Implemented in terms of a cluster_metadata modulated capability.
Vagabond committed Dec 24, 2013
1 parent d5f1bcf commit 23bd5a4
Showing 3 changed files with 63 additions and 5 deletions.
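--- a/src/riak_core_app.erl
+++ b/src/riak_core_app.erl
@@ -91,7 +91,9 @@ start(_StartType, _StartArgs) ->
 riak_core_capability:register({riak_core, fold_req_version},
 [v2, v1],
 v1),
-
+riak_core_capability:register({riak_core, security},
+[true, false],
+false),
 {ok, Pid};
 {error, Reason} ->
 {error, Reason}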
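Review bot: The new `{riak_core, security}` registration carries no comment, although its negotiated value decides whether authentication is enforced anywhere in the cluster. The console warning added in this commit says the feature is disabled when it is not supported on all nodes, so a reader of `start/2` should be told that here. I would add above the call: `%% Security is enforced only once every node advertises this capability; nodes that do not advertise it count as false.` The body of `start/2` begins and ends outside the hunk.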
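--- a/src/riak_core_console.erl
+++ b/src/riak_core_console.erl
@@ -25,7 +25,8 @@
 clear_staged/1, transfer_limit/1, pending_claim_percentage/2,
 transfers/1, add_user/1, alter_user/1, del_user/1,
 add_source/1, del_source/1, grant/1, revoke/1,
-print_users/1, print_user/1, print_sources/1, ciphers/1]).
+print_users/1, print_user/1, print_sources/1,
+security_enable/1, security_disable/1, security_status/1, ciphers/1]).
 
 %% @doc Return for a given ring and node, percentage currently owned and
 %% anticipated after the transitions have been completed.
@@ -1003,6 +1004,23 @@ ciphers([CipherList]) ->
 error
 end.
 
+security_enable([]) ->
+riak_core_security:enable().
+
+security_disable([]) ->
+riak_core_security:disable().
+
+security_status([]) ->
+case riak_core_security:status() of
+enabled ->
+io:format("Enabled~n");
+disabled ->
+io:format("Disabled~n");
+enabled_but_no_capability ->
+io:format("WARNING: Configured to be enabled, but not supported "
+"on all nodes so it is disabled!~n")
+end.
+
 parse_options(Options) ->
 parse_options(Options, []).
 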
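Review bot: `security_enable/1` passes through whatever `riak_core_security:enable/0` returns and prints nothing, so when the capability is not negotiated the `not_supported` result is silent and an operator can believe authentication is on while it is not. It should print the reason and return `error`, which is what the tail of `ciphers/1` visible above the hunk appears to return on failure; how the calling script treats return values is not visible here, so that part is an assumption. `security_disable/1` would benefit from a confirmation line too, since it turns enforcement off for the whole cluster. All three functions match only `[]`, so any extra argument ends in a `function_clause` crash rather than a usage message.

```erlang
security_enable([]) ->
    case riak_core_security:enable() of
        not_supported ->
            io:format("Security cannot be enabled: not supported "
                      "on all nodes~n"),
            error;
        Result ->
            Result
    end.
%% … unchanged: security_disable/1, security_status/1 …
```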
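--- a/src/riak_core_security.erl
+++ b/src/riak_core_security.erl
@@ -26,7 +26,7 @@
 -export([authenticate/3, add_user/2, alter_user/2, del_user/1,
 add_source/4, del_source/2,
 add_grant/3, add_revoke/3, check_permission/2, check_permissions/2,
-get_username/1, is_enabled/0,
+get_username/1, is_enabled/0, enable/0, disable/0, status/0,
 get_ciphers/0, set_ciphers/1, print_ciphers/0]).
 %% TODO add rm_source, API to deactivate/remove users
 
@@ -505,8 +505,27 @@ del_source(User, CIDR) ->
 
 
 is_enabled() ->
-%% TODO this should be some kind of capability or cluster-wide config
-app_helper:get_env(riak_core, security, false).
+case riak_core_capability:get({riak_core, security}) of
+true ->
+case riak_core_metadata:get({<<"security">>, <<"status">>},
+enabled) of
+true ->
+true;
+_ ->
+false
+end;
+_ ->
+false
+end.
+
+enable() ->
+case riak_core_capability:get({riak_core, security}) of
+true ->
+riak_core_metadata:put({<<"security">>, <<"status">>},
+enabled, true);
+false ->
+not_supported
+end.
 
 get_ciphers() ->
 case riak_core_metadata:get({<<"security">>, <<"config">>}, ciphers) of
@@ -542,6 +561,25 @@ set_ciphers(CipherList) ->
 ok
 end.
 
+disable() ->
+riak_core_metadata:put({<<"security">>, <<"status">>},
+enabled, false).
+
+status() ->
+Enabled = riak_core_metadata:get({<<"security">>, <<"status">>}, enabled,
+[{default, false}]),
+case Enabled of
+true ->
+case riak_core_capability:get({riak_core, security}) of
+true ->
+enabled;
+_ ->
+enabled_but_no_capability
+end;
+_ ->
+disabled
+end.
+
 %% ============
 %% INTERNAL
 %% ============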
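Review bot: `is_enabled/0` fails open: whenever `riak_core_capability:get({riak_core, security})` is not `true` it returns `false`, so a cluster where security was switched on stops enforcing it once the capability is no longer negotiated, and nothing is logged at that point. At minimum this should be documented on the function, e.g. `%% @doc true only when the capability is negotiated on all nodes AND the metadata flag is set; otherwise security is not enforced.`, and a log entry where `status/0` computes `enabled_but_no_capability` would let operators notice the downgrade without running the console command. The capability-plus-metadata check is also written twice, with `riak_core_metadata:get/2` in `is_enabled/0` and the `[{default, false}]` form in `status/0`; `is_enabled() -> status() =:= enabled.` would keep one source of truth. `enable/0` and `disable/0` change enforcement for the whole cluster without any log entry, which makes the change hard to audit afterwards.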
