central_auth_parser.go
package ctrl
import (
"strings"
)
// authParser expands the ACL entries defined for one host, or one host
// group, into per-node entries.
//
// The parser has no result field of its own: everything it generates is
// written to accessLists.schemaGenerated.ACLsToConvert.
type authParser struct {
	// currentHost is the node name, group name or "*" whose entries in
	// accessLists.schemaMain.ACLMap are being expanded.
	currentHost Node

	// accessLists holds the source ACL map that is read and the generated
	// map that is written.
	accessLists *accessLists
}
// newAuthParser builds an authParser for the host (or host group) n that
// reads from and writes to the given accessLists.
//
// The accessLists pointer is stored as-is and is not checked for nil here;
// the parse steps dereference it.
func newAuthParser(n Node, accessLists *accessLists) *authParser {
	return &authParser{
		currentHost: n,
		accessLists: accessLists,
	}
}
// parseFn is one step of the parser's state machine. Calling it performs the
// step and returns the next step to run, or nil when parsing is finished.
type parseFn func() parseFn
// parse expands the ACL entries for the parser's current host, which may be
// a single node or a host group.
//
// It runs the state machine: the first step is chosen by hostGroupOrSingle,
// and each step returns the next one until a step returns nil.
func (a *authParser) parse() {
	for step := a.hostGroupOrSingle()(); step != nil; {
		step = step()
	}
}
// hostGroupOrSingle picks the parse step for the current host: hostIsGroup
// when the host is the wildcard "*" or its name starts with "grp_nodes_",
// hostIsNotGroup otherwise.
//
// The decision is made on the name alone. A single node whose name starts
// with "grp_nodes_" would therefore be expanded as a group, so that prefix
// has to stay reserved for groups wherever node names are accepted.
// NOTE(review): that validation is not visible in this file; confirm it exists.
func (a *authParser) hostGroupOrSingle() parseFn {
	isGroup := a.currentHost == "*" ||
		strings.HasPrefix(string(a.currentHost), "grp_nodes_")

	if isGroup {
		return a.hostIsGroup
	}
	return a.hostIsNotGroup
}
// hostIsGroup expands the ACL entries of a host group (or the "*" wildcard)
// into per-node entries.
//
// For every (source, command) pair stored under the current host in
// schemaMain.ACLMap, it takes the node list for the host and for the source
// and the command list for the command, and records every combination in
// schemaGenerated.ACLsToConvert, keyed host -> source node -> command.
//
// The function only adds entries. Anything already present in ACLsToConvert
// is kept, so removing a grant from ACLMap takes effect only if the
// generated map is rebuilt from empty.
// NOTE(review): the reset is not visible here; confirm the caller does it.
// NOTE(review): no lock is taken while the shared map is written; confirm
// callers serialise access to accessLists.
//
// It always returns nil, which ends parse() for this host.
func (a *authParser) hostIsGroup() parseFn {
	members := a.accessLists.nodeAsSlice(a.currentHost)

	for src, commands := range a.accessLists.schemaMain.ACLMap[a.currentHost] {
		for c := range commands {
			expandedCmds := a.accessLists.commandAsSlice(c)
			// Resolve a source group to its nodes so that the generated ACL
			// carries real node names as the "from" side.
			expandedSources := a.accessLists.nodeAsSlice(src)

			for _, from := range expandedSources {
				for _, member := range members {
					for _, one := range expandedCmds {
						// Create the two inner maps on first use.
						bySource := a.accessLists.schemaGenerated.ACLsToConvert[member]
						if bySource == nil {
							bySource = make(map[Node]map[command]struct{})
							a.accessLists.schemaGenerated.ACLsToConvert[member] = bySource
						}

						allowed := bySource[from]
						if allowed == nil {
							allowed = make(map[command]struct{})
							bySource[from] = allowed
						}

						allowed[one] = struct{}{}
					}
				}
			}
		}
	}

	// Nothing more to do for this host.
	return nil
}
// hostIsNotGroup expands the ACL entries of a single node.
//
// For every (source, command) pair stored under the current host in
// schemaMain.ACLMap, it takes the node list for the source and the command
// list for the command, and records every combination in
// schemaGenerated.ACLsToConvert, keyed host -> source node -> command.
//
// The function only adds entries. Anything already present in ACLsToConvert
// is kept, so removing a grant from ACLMap takes effect only if the
// generated map is rebuilt from empty.
// NOTE(review): the reset is not visible here; confirm the caller does it.
// NOTE(review): no lock is taken while the shared map is written; confirm
// callers serialise access to accessLists.
//
// It always returns nil, which ends parse() for this host.
func (a *authParser) hostIsNotGroup() parseFn {
	target := a.currentHost

	for src, commands := range a.accessLists.schemaMain.ACLMap[a.currentHost] {
		for c := range commands {
			expandedCmds := a.accessLists.commandAsSlice(c)
			// Resolve a source group to its nodes so that the generated ACL
			// carries real node names as the "from" side.
			expandedSources := a.accessLists.nodeAsSlice(src)

			for _, from := range expandedSources {
				for _, one := range expandedCmds {
					// Create the two inner maps on first use.
					bySource := a.accessLists.schemaGenerated.ACLsToConvert[target]
					if bySource == nil {
						bySource = make(map[Node]map[command]struct{})
						a.accessLists.schemaGenerated.ACLsToConvert[target] = bySource
					}

					allowed := bySource[from]
					if allowed == nil {
						allowed = make(map[command]struct{})
						bySource[from] = allowed
					}

					allowed[one] = struct{}{}
				}
			}
		}
	}

	// Nothing more to do for this host.
	return nil
}