1
0
mirror of https://github.com/OpenNebula/one.git synced 2024-12-23 17:33:56 +03:00

M #- : goca add ACL Utilities (#4980)

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L 2020-09-15 11:22:27 +02:00 committed by GitHub
parent f539f976e2
commit 098e0b6a5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -16,7 +16,13 @@
package acl
import "encoding/xml"
import (
"encoding/xml"
"fmt"
"regexp"
"strconv"
"strings"
)
// Pool represents an OpenNebula ACL pool
type Pool struct {
@ -75,3 +81,137 @@ const (
Admin Rights = 0x4 // Auth. to perform administrative actions
Create Rights = 0x8 // Auth. to create an object
)
var resourceMap = map[string]Resources{
"VM": VM,
"HOST": Host,
"NET": Net,
"IMAGE": Image,
"USER": User,
"TEMPLATE": Template,
"GROUP": Group,
"DATASTORE": Datastore,
"CLUSTER": Cluster,
"DOCUMENT": Document,
"ZONE": Zone,
"SECGROUP": SecGroup,
"VDC": Vdc,
"VROUTER": VRouter,
"MARKETPLACE": MarketPlace,
"MARKETPLACEAPP": MarketPlaceApp,
"VMGROUP": VMGroup,
"VNTEMPLATE": VNTemplate,
}
var rightMap = map[string]Rights{
"USE": Use,
"MANAGE": Manage,
"ADMIN": Admin,
"CREATE": Create,
}
// CalculateIDs Calculate hex from User selector (#0, @0, *, %0)
func CalculateIDs(idString string) (int64, error) {
match, err := regexp.Match("^([\\#@\\%]\\d+|\\*)$", []byte(idString))
if err != nil {
return 0, err
}
if !match {
return 0, fmt.Errorf("ID String %+v malformed", idString)
}
var value int64
// Match by UID
if strings.HasPrefix(idString, "#") {
id, err := strconv.Atoi(strings.TrimLeft(idString, "#"))
if err != nil {
return 0, err
}
value = int64(UID) + int64(id)
}
// Match by GID
if strings.HasPrefix(idString, "@") {
id, err := strconv.Atoi(strings.TrimLeft(idString, "@"))
if err != nil {
return 0, err
}
value = int64(GID) + int64(id)
}
// Match all
if strings.HasPrefix(idString, "*") {
value = int64(All)
}
// Match by cluster
if strings.HasPrefix(idString, "%") {
id, err := strconv.Atoi(strings.TrimLeft(idString, "%"))
if err != nil {
return 0, err
}
value = int64(ClusterUsr) + int64(id)
}
return value, nil
}
// ParseUsers Converts a string in the form [#<id>, @<id>, *] to a hex. number
func ParseUsers(users string) (string, error) {
value, err := CalculateIDs(users)
if err != nil {
return "", err
}
return fmt.Sprintf("%X", value), err
}
// ParseResources Converts a resources string to a hex. number (e.g. NET+VROUTER/@190)
func ParseResources(resources string) (string, error) {
var ret int64
resourceParts := strings.Split(resources, "/")
if len(resourceParts) != 2 {
return "", fmt.Errorf("resource '%+v' malformed", resources)
}
res := strings.Split(resourceParts[0], "+")
for _, resource := range res {
val, ok := resourceMap[strings.ToUpper(resource)]
if !ok {
return "", fmt.Errorf("resource '%+v' does not exist", resource)
}
ret += int64(val)
}
ids, err := CalculateIDs(resourceParts[1])
if err != nil {
return "", err
}
ret += ids
return fmt.Sprintf("%x", ret), nil
}
// ParseRights Converts a rights string to a hex. number (MANAGE+ADMIN)
func ParseRights(rights string) (string, error) {
var ret int64
rightsParts := strings.Split(rights, "+")
for _, right := range rightsParts {
val, ok := rightMap[strings.ToUpper(right)]
if !ok {
return "", fmt.Errorf("right '%+v' does not exist", right)
}
ret += int64(val)
}
return fmt.Sprintf("%x", ret), nil
}
// ParseZone Convert a zone part of the ACL String (#0)
func ParseZone(zone string) (string, error) {
ids, err := CalculateIDs(zone)
if err != nil {
return "", err
}
return fmt.Sprintf("%x", ids), nil
}