Commit 1f9346e0 authored by Zhu Yong's avatar Zhu Yong

Refactor ACL operation, add example code for SetACL

parent 0de4eb5b
+1 −1
@@ -305,7 +305,7 @@ func (conn *BlockConnection) SetErasePin(currentPin []byte, newPin []byte) (Stat

// SetACL sets Permission for particular user Identify.
// On success, Status.Code = OK.
func (conn *BlockConnection) SetACL(acls []SecurityACL) (Status, error) {
func (conn *BlockConnection) SetACL(acls []ACL) (Status, error) {
	callback := &GenericCallback{}
	h := NewResponseHandler(callback)
	err := conn.nbc.SetACL(acls, h)
+4 −4
@@ -634,18 +634,18 @@ func convertACLAlgorithmToProto(algo ACLAlgorithm) kproto.Command_Security_ACL_H
	return ret
}

type SecurityACLScope struct {
type ACLScope struct {
	Offset      int64
	Value       []byte
	Permission  []ACLPermission
	Permissions []ACLPermission
	TlsRequired bool
}

type SecurityACL struct {
type ACL struct {
	Identify    int64
	Key         []byte
	Algo        ACLAlgorithm
	Scope       []SecurityACLScope
	Scopes      []ACLScope
	MaxPriority Priority
}

+84 −0
@@ -235,3 +235,87 @@ func ExampleNonBlockConnection_multiplePut() {
		<-done
	}
}

func ExampleBlockConnection_SetACL() {
	// Set the log leverl to debug
	SetLogLevel(LogLevelDebug)

	// Client options
	var option = ClientOptions{
		Host:   "10.29.24.55",
		Port:   8443, // Must be SSL connection here
		User:   1,
		Hmac:   []byte("asdfasdf"),
		UseSSL: true, // Set ACL must use SSL connection
	}

	conn, err := NewBlockConnection(option)
	if err != nil {
		panic(err)
	}

	perms := []ACLPermission{
		ACL_PERMISSION_GETLOG,
	}
	scope := []ACLScope{
		ACLScope{
			Permissions: perms,
		},
	}
	acls := []ACL{
		ACL{
			Identify: 100,
			Key:      []byte("asdfasdf"),
			Algo:     ACL_ALGORITHM_HMACSHA1,
			Scopes:   scope,
		},
	}

	status, err := conn.SetACL(acls)
	if err != nil || status.Code != OK {
		fmt.Println("SetACL failure: ", err, status)
	}

	// Close the SET ACL connection
	conn.Close()

	// Next, do the verifiation on the SET ACL
	// Client options
	option = ClientOptions{
		Host: "10.29.24.55",
		Port: 8123,
		User: 100,
		Hmac: []byte("asdfasdf")}

	conn, err = NewBlockConnection(option)
	if err != nil {
		panic(err)
	}

	logs := []LogType{
		LOG_UTILIZATIONS,
		LOG_TEMPERATURES,
		LOG_CAPACITIES,
		LOG_CONFIGURATION,
		LOG_STATISTICS,
		LOG_MESSAGES,
		LOG_LIMITS,
	}

	_, status, err = conn.GetLog(logs)
	if err != nil || status.Code != OK {
		fmt.Println("GetLog Failure: ", err, status)
	}

	_, status, err = conn.Get([]byte("object000"))
	if err != nil {
		fmt.Println("Get Failure: ", err)
	}

	if status.Code != REMOTE_NOT_AUTHORIZED {
		fmt.Println("SET ACL not effective, ", status)
	}

	// Close the verify connection
	conn.Close()
}
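Review bot: The example provisions identity 100 with the literal key `asdfasdf`, the same value the admin identity uses for `Hmac`, and builds the `ACLScope` without `TlsRequired`, then verifies on port 8123 without `UseSSL`; copied as written it produces an HMAC-SHA1 identity with a guessable, shared key that is accepted on what is presumably the plaintext port. I would add a comment above `acls` such as `// Example only: use a random per-identity key and set TlsRequired in the scope for real deployments`. The `SetACL` failure branch only prints, so the verification half still runs against a device whose ACLs may be unchanged; a `return` after that `fmt.Println` keeps the result meaningful, and the `status.Code != REMOTE_NOT_AUTHORIZED` check likewise runs even when `Get` returned an error and `status` may not be valid. If the device replaces its whole ACL list on this command (not visible on this page), the example also leaves the drive without identity 1, which deserves a warning comment so readers do not lock themselves out.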
+5 −5
Original line number Diff line number Diff line
@@ -311,16 +311,16 @@ func (conn *NonBlockConnection) SetErasePin(currentPin []byte, newPin []byte, h
}

// SetACL sets Permission for particular user Identify.
func (conn *NonBlockConnection) SetACL(acls []SecurityACL, h *ResponseHandler) error {
func (conn *NonBlockConnection) SetACL(acls []ACL, h *ResponseHandler) error {
	msg := newMessage(kproto.Message_HMACAUTH)
	cmd := newCommand(kproto.Command_SECURITY)

	cmdACL := make([]*kproto.Command_Security_ACL, len(acls))
	for ka, acl := range acls {
		cmdScope := make([]*kproto.Command_Security_ACL_Scope, len(acl.Scope))
		for ks, scope := range acl.Scope {
			cmdPermission := make([]kproto.Command_Security_ACL_Permission, len(scope.Permission))
			for kp, permission := range scope.Permission {
		cmdScope := make([]*kproto.Command_Security_ACL_Scope, len(acl.Scopes))
		for ks, scope := range acl.Scopes {
			cmdPermission := make([]kproto.Command_Security_ACL_Permission, len(scope.Permissions))
			for kp, permission := range scope.Permissions {
				cmdPermission[kp] = convertACLPermissionToProto(permission)
			}
			cmdScope[ks] = &kproto.Command_Security_ACL_Scope{