package service
import (
"context"
"gitee.com/cruvie/kk_go_kit/kk_stage"
"github.com/cruvie/kk_etcd_go/kk_etcd_client"
"github.com/cruvie/kk_etcd_go/kk_etcd_const"
"github.com/cruvie/kk_etcd_go/kk_etcd_models"
"go.etcd.io/etcd/client/v3"
"log/slog"
)
// RoleAdd creates an etcd role named role.Name through the shared etcd client.
//
// The reserved root role name (kk_etcd_const.RoleRoot) is refused before any
// request is sent. It returns 1 on success and -1 when the name is the root
// role or when the etcd call fails; both failures are logged through slog.
// role must be non-nil: role.Name is read unconditionally.
func RoleAdd(stage *kk_stage.Stage, role *kk_etcd_models.PBRole) (res int) {
	// Guard first: the comparison is an exact string match on the role name.
	if kk_etcd_const.RoleRoot == role.Name {
		slog.Error("illegal add root role!", kk_stage.NewLog(stage).Args()...)
		return -1
	}

	// NOTE(review): context.Background() carries no deadline or cancellation,
	// so this call waits for as long as the client itself allows.
	if _, addErr := kk_etcd_client.EtcdClient.RoleAdd(context.Background(), role.Name); addErr != nil {
		slog.Error("failed to add role", kk_stage.NewLog(stage).Error(addErr).Any("roleName", role.Name).Args()...)
		return -1
	}
	return 1
}
// RoleGrantPermission grants the role named role.Name a permission on the key
// range given by role.Key and role.RangeEnd.
//
// role.PermissionType is converted to clientv3.PermissionType; the values are
// defined in package authpb:
//
//	authpb.READ      0
//	authpb.WRITE     1
//	authpb.READWRITE 2
//
// It returns 1 on success and -2 when the etcd call fails (the failure is
// logged with the role name only; key, range end and permission type are not
// part of the log record).
//
// NOTE(review): unlike RoleAdd and RoleDelete in this file, nothing here
// rejects kk_etcd_const.RoleRoot, and role.PermissionType is converted without
// a range check. Confirm that callers or the etcd server enforce both.
func RoleGrantPermission(stage *kk_stage.Stage, role *kk_etcd_models.PBRole) (res int) {
	// todo: once set, it cannot be modified??
	permType := clientv3.PermissionType(role.PermissionType)

	_, grantErr := kk_etcd_client.EtcdClient.RoleGrantPermission(context.Background(), role.Name, role.Key, role.RangeEnd, permType)
	if grantErr == nil {
		return 1
	}

	slog.Error("failed to grant permission", kk_stage.NewLog(stage).Error(grantErr).Any("roleName", role.Name).Args()...)
	return -2
}
// RoleDelete removes the etcd role called roleName.
//
// The reserved root role name (kk_etcd_const.RoleRoot) is refused before any
// request is sent. Return codes: 1 on success, -1 when roleName is the root
// role, -2 when the etcd call fails. Both failure paths are logged via slog.
func RoleDelete(stage *kk_stage.Stage, roleName string) (res int) {
	// Exact string match against the reserved name; no request is made for it.
	if kk_etcd_const.RoleRoot == roleName {
		slog.Error("illegal delete root role!", kk_stage.NewLog(stage).Args()...)
		return -1
	}

	if _, delErr := kk_etcd_client.EtcdClient.RoleDelete(context.Background(), roleName); delErr != nil {
		slog.Error("failed to delete role", kk_stage.NewLog(stage).Error(delErr).Any("roleName", roleName).Args()...)
		return -2
	}
	return 1
}
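// RoleList returns every etcd role together with the permission data that
// RoleGet reports for it.
//
// It lists the role names, then calls RoleGet once per name. The result is
// all-or-nothing: if the listing or any single lookup fails, it returns
// (-1, nil) and no partial list. On success it returns 1 and the populated
// list.
func RoleList(stage *kk_stage.Stage) (res int, roles *kk_etcd_models.PBListRole) {
	list, err := kk_etcd_client.EtcdClient.RoleList(context.Background())
	if err != nil {
		slog.Error("failed to get role list", kk_stage.NewLog(stage).Error(err).Args()...)
		return -1, nil
	}

	roles = &kk_etcd_models.PBListRole{}
	for _, roleName := range list.Roles {
		// getRes is a distinct name so the named result res is not shadowed.
		role, getRes := RoleGet(stage, roleName)
		if getRes != 1 {
			// RoleGet returns a nil role on failure, so the log must use the
			// requested name; reading role.Name here would dereference nil and
			// panic instead of returning the error code.
			slog.Error("failed to get role", kk_stage.NewLog(stage).Any("roleName", roleName).Args()...)
			return -1, nil
		}
		roles.List = append(roles.List, role)
	}
	return 1, roles
}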
// RoleGet looks up roleName in etcd and converts the answer to a PBRole.
//
// On success it returns the role and 1. The role always carries roleName; Key,
// RangeEnd and PermissionType are filled from the first permission entry when
// the role has any, and are left at their zero values otherwise. When the etcd
// call fails it logs the error and returns (nil, -1).
//
// NOTE(review): only r.Perm[0] is copied. Any further permission entries on
// the role are dropped, so a consumer of this PBRole sees at most one grant
// even if the role holds several. Confirm that is acceptable wherever the
// result is used to display or audit role permissions.
func RoleGet(stage *kk_stage.Stage, roleName string) (role *kk_etcd_models.PBRole, res int) {
	resp, getErr := kk_etcd_client.EtcdClient.RoleGet(context.Background(), roleName)
	if getErr != nil {
		slog.Error("failed to get role", kk_stage.NewLog(stage).Error(getErr).Any("roleName", roleName).Args()...)
		return nil, -1
	}

	role = &kk_etcd_models.PBRole{Name: roleName}
	if len(resp.Perm) == 0 {
		// A role without permissions is still a valid result.
		return role, 1
	}

	// Sample shape of the permission list: [permType:READWRITE key:"dfdd" range_end:"ewrew" ]
	first := resp.Perm[0]
	role.Key = string(first.Key)
	role.RangeEnd = string(first.RangeEnd)
	role.PermissionType = int32(first.PermType)
	return role, 1
}