ziggi/certmanager
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

certmanager updates

Browse Source
This commit is contained in:
Олег Бородин
2024-08-10 15:08:14 +02:00
parent cab7eac36e
commit 0bafb086bc
9 changed files with 206 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
internal/grpc/handler/account.go
View File

@@ -12,7 +12,7 @@ import (
func (hand *Handler) Authentificate(ctx context.Context) (int64, error) { func (hand *Handler) Authentificate(ctx context.Context) (int64, error) {
var err error var err error
var userID int64 var accountID int64
meta, _ := metadata.FromIncomingContext(ctx) meta, _ := metadata.FromIncomingContext(ctx)
hand.log.Debugf("Reqest username: %s", meta["username"]) hand.log.Debugf("Reqest username: %s", meta["username"])
@@ -21,27 +21,27 @@ func (hand *Handler) Authentificate(ctx context.Context) (int64, error) {
passwordArr := meta["password"] passwordArr := meta["password"]
if len(usernameArr) == 0 || len(passwordArr) == 0 { if len(usernameArr) == 0 || len(passwordArr) == 0 {
err := status.Errorf(codes.PermissionDenied, "Empty auth data") err := status.Errorf(codes.PermissionDenied, "Empty auth data")
return userID, err return accountID, err
} }
username := meta["username"][0] username := meta["username"][0]
password := meta["password"][0] password := meta["password"][0]
validated, userID, err := hand.lg.ValidateAcount(ctx, username, password) validated, accountID, err := hand.lg.ValidateAcount(ctx, username, password)
if !validated { if !validated {
err := status.Errorf(codes.PermissionDenied, "Wrong auth data") err := status.Errorf(codes.PermissionDenied, "Wrong auth data")
return userID, err return accountID, err
} }
return userID, err return accountID, err
} }
func (hand *Handler) CreateAccount(ctx context.Context, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) { func (hand *Handler) CreateAccount(ctx context.Context, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) {
var err error var err error
hand.log.Debugf("Handle CreateAccount call") hand.log.Debugf("Handle CreateAccount call")
res := &cmctl.CreateAccountResult{} res := &cmctl.CreateAccountResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.CreateAccount(ctx, userID, params) res, err = hand.lg.CreateAccount(ctx, accountID, params)
return res, err return res, err
} }
@@ -49,11 +49,11 @@ func (hand *Handler) DeleteAccount(ctx context.Context, params *cmctl.DeleteAcco
var err error var err error
hand.log.Debugf("Handle DeleteAccount call") hand.log.Debugf("Handle DeleteAccount call")
res := &cmctl.DeleteAccountResult{} res := &cmctl.DeleteAccountResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.DeleteAccount(ctx, userID, params) res, err = hand.lg.DeleteAccount(ctx, accountID, params)
return res, err return res, err
} }
@@ -61,11 +61,11 @@ func (hand *Handler) ListAccounts(ctx context.Context, params *cmctl.ListAccount
var err error var err error
hand.log.Debugf("Handle ListAccounts call") hand.log.Debugf("Handle ListAccounts call")
res := &cmctl.ListAccountsResult{} res := &cmctl.ListAccountsResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.ListAccounts(ctx, userID, params) res, err = hand.lg.ListAccounts(ctx, accountID, params)
return res, err return res, err
} }
@@ -73,10 +73,10 @@ func (hand *Handler) UpdateAccount(ctx context.Context, params *cmctl.UpdateAcco
var err error var err error
hand.log.Debugf("Handle UpdateAccount call") hand.log.Debugf("Handle UpdateAccount call")
res := &cmctl.UpdateAccountResult{} res := &cmctl.UpdateAccountResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.UpdateAccount(ctx, userID, params) res, err = hand.lg.UpdateAccount(ctx, accountID, params)
return res, err return res, err
} }

8
internal/grpc/handler/grant.go
View File

@@ -10,11 +10,11 @@ func (hand *Handler) SetGrant(ctx context.Context, params *cmctl.SetGrantParams)
var err error var err error
hand.log.Debugf("Handle SetGrant call") hand.log.Debugf("Handle SetGrant call")
res := &cmctl.SetGrantResult{} res := &cmctl.SetGrantResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.SetGrant(ctx, userID, params) res, err = hand.lg.SetGrant(ctx, accountID, params)
return res, err return res, err
} }
@@ -22,10 +22,10 @@ func (hand *Handler) DeleteGrant(ctx context.Context, params *cmctl.DeleteGrantP
var err error var err error
hand.log.Debugf("Handle DeleteGrant call") hand.log.Debugf("Handle DeleteGrant call")
res := &cmctl.DeleteGrantResult{} res := &cmctl.DeleteGrantResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.DeleteGrant(ctx, userID, params) res, err = hand.lg.DeleteGrant(ctx, accountID, params)
return res, err return res, err
} }

24
internal/grpc/handler/issuer.go
View File

@@ -10,11 +10,11 @@ func (hand *Handler) CreateIssuerPair(ctx context.Context, params *cmctl.CreateI
var err error var err error
hand.log.Debugf("Handle CreateIssuerPair call") hand.log.Debugf("Handle CreateIssuerPair call")
res := &cmctl.CreateIssuerPairResult{} res := &cmctl.CreateIssuerPairResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.CreateIssuerPair(ctx, userID, params) res, err = hand.lg.CreateIssuerPair(ctx, accountID, params)
return res, err return res, err
} }
@@ -22,11 +22,11 @@ func (hand *Handler) ImportIssuerPair(ctx context.Context, params *cmctl.ImportI
var err error var err error
hand.log.Debugf("Handle ImportIssuerPair call") hand.log.Debugf("Handle ImportIssuerPair call")
res := &cmctl.ImportIssuerPairResult{} res := &cmctl.ImportIssuerPairResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.ImportIssuerPair(ctx, userID, params) res, err = hand.lg.ImportIssuerPair(ctx, accountID, params)
return res, err return res, err
} }
@@ -34,11 +34,11 @@ func (hand *Handler) RevokeIssuerPair(ctx context.Context, params *cmctl.RevokeI
var err error var err error
hand.log.Debugf("Handle RevokeIssuerPair call") hand.log.Debugf("Handle RevokeIssuerPair call")
res := &cmctl.RevokeIssuerPairResult{} res := &cmctl.RevokeIssuerPairResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.RevokeIssuerPair(ctx, userID, params) res, err = hand.lg.RevokeIssuerPair(ctx, accountID, params)
return res, err return res, err
} }
@@ -46,11 +46,11 @@ func (hand *Handler) UnrevokeIssuerPair(ctx context.Context, params *cmctl.Unrev
var err error var err error
hand.log.Debugf("Handle UnrevokeIssuerPair call") hand.log.Debugf("Handle UnrevokeIssuerPair call")
res := &cmctl.UnrevokeIssuerPairResult{} res := &cmctl.UnrevokeIssuerPairResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.UnrevokeIssuerPair(ctx, userID, params) res, err = hand.lg.UnrevokeIssuerPair(ctx, accountID, params)
return res, err return res, err
} }
@@ -58,11 +58,11 @@ func (hand *Handler) ListIssuerPairs(ctx context.Context, params *cmctl.ListIssu
var err error var err error
hand.log.Debugf("Handle ListIssuerPairs call") hand.log.Debugf("Handle ListIssuerPairs call")
res := &cmctl.ListIssuerPairsResult{} res := &cmctl.ListIssuerPairsResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.ListIssuerPairs(ctx, userID, params) res, err = hand.lg.ListIssuerPairs(ctx, accountID, params)
return res, err return res, err
} }
@@ -70,10 +70,10 @@ func (hand *Handler) GetIssuerCertificate(ctx context.Context, params *cmctl.Get
var err error var err error
hand.log.Debugf("Handle GetIssuerCertificate call") hand.log.Debugf("Handle GetIssuerCertificate call")
res := &cmctl.GetIssuerCertificateResult{} res := &cmctl.GetIssuerCertificateResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.GetIssuerCertificate(ctx, userID, params) res, err = hand.lg.GetIssuerCertificate(ctx, accountID, params)
return res, err return res, err
} }

20
internal/grpc/handler/service.go
View File

@@ -10,11 +10,11 @@ func (hand *Handler) CreateServicePair(ctx context.Context, params *cmctl.Create
var err error var err error
hand.log.Debugf("Handle CreateServicePair call") hand.log.Debugf("Handle CreateServicePair call")
res := &cmctl.CreateServicePairResult{} res := &cmctl.CreateServicePairResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.CreateServicePair(ctx, userID, params) res, err = hand.lg.CreateServicePair(ctx, accountID, params)
return res, err return res, err
} }
@@ -22,11 +22,11 @@ func (hand *Handler) RevokeServicePair(ctx context.Context, params *cmctl.Revoke
var err error var err error
hand.log.Debugf("Handle RevokeServicePair call") hand.log.Debugf("Handle RevokeServicePair call")
res := &cmctl.RevokeServicePairResult{} res := &cmctl.RevokeServicePairResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.RevokeServicePair(ctx, userID, params) res, err = hand.lg.RevokeServicePair(ctx, accountID, params)
return res, err return res, err
} }
@@ -34,11 +34,11 @@ func (hand *Handler) UnrevokeServicePair(ctx context.Context, params *cmctl.Unre
var err error var err error
hand.log.Debugf("Handle UnrevokeServicePair call") hand.log.Debugf("Handle UnrevokeServicePair call")
res := &cmctl.UnrevokeServicePairResult{} res := &cmctl.UnrevokeServicePairResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.UnrevokeServicePair(ctx, userID, params) res, err = hand.lg.UnrevokeServicePair(ctx, accountID, params)
return res, err return res, err
} }
@@ -46,11 +46,11 @@ func (hand *Handler) ListServicePairs(ctx context.Context, params *cmctl.ListSer
var err error var err error
hand.log.Debugf("Handle ListServicePairs call") hand.log.Debugf("Handle ListServicePairs call")
res := &cmctl.ListServicePairsResult{} res := &cmctl.ListServicePairsResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.ListServicePairs(ctx, userID, params) res, err = hand.lg.ListServicePairs(ctx, accountID, params)
return res, err return res, err
} }
@@ -58,10 +58,10 @@ func (hand *Handler) GetServicePair(ctx context.Context, params *cmctl.GetServic
var err error var err error
hand.log.Debugf("Handle GetServicePair call") hand.log.Debugf("Handle GetServicePair call")
res := &cmctl.GetServicePairResult{} res := &cmctl.GetServicePairResult{}
userID, err := hand.Authentificate(ctx) accountID, err := hand.Authentificate(ctx)
if err != nil { if err != nil {
return res, err return res, err
} }
res, err = hand.lg.GetServicePair(ctx, userID, params) res, err = hand.lg.GetServicePair(ctx, accountID, params)
return res, err return res, err
} }

54
internal/logic/account.go
View File

@@ -12,27 +12,35 @@ import (
func (lg *Logic) ValidateAcount(ctx context.Context, username, password string) (bool, int64, error) { func (lg *Logic) ValidateAcount(ctx context.Context, username, password string) (bool, int64, error) {
var err error var err error
var userID int64 var accountID int64
var valid bool var valid bool
accountExists, accountDescr, err := lg.db.GetAccountByUsername(ctx, username) accountExists, accountDescr, err := lg.db.GetAccountByUsername(ctx, username)
if !accountExists { if !accountExists {
err := fmt.Errorf("Account not exists") err := fmt.Errorf("Account not exists")
return valid, userID, err return valid, accountID, err
} }
if password != accountDescr.Password { if password != accountDescr.Password {
err := fmt.Errorf("Login data mismatch") err := fmt.Errorf("Login data mismatch")
return valid, userID, err return valid, accountID, err
} }
valid = true valid = true
userID = accountDescr.ID accountID = accountDescr.ID
return valid, userID, err return valid, accountID, err
} }
func (lg *Logic) CreateAccount(ctx context.Context, userID int64, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) { func (lg *Logic) CreateAccount(ctx context.Context, accountID int64, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) {
var err error var err error
res := &cmctl.CreateAccountResult{} res := &cmctl.CreateAccountResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
if params.Username == "" { if params.Username == "" {
err := fmt.Errorf("Empty username parameters") err := fmt.Errorf("Empty username parameters")
return res, err return res, err
@@ -68,10 +76,19 @@ func (lg *Logic) CreateAccount(ctx context.Context, userID int64, params *cmctl.
return res, err return res, err
} }
func (lg *Logic) UpdateAccount(ctx context.Context, userID int64, params *cmctl.UpdateAccountParams) (*cmctl.UpdateAccountResult, error) { func (lg *Logic) UpdateAccount(ctx context.Context, accountID int64, params *cmctl.UpdateAccountParams) (*cmctl.UpdateAccountResult, error) {
var err error var err error
res := &cmctl.UpdateAccountResult{} res := &cmctl.UpdateAccountResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var accountDescr *descriptor.Account var accountDescr *descriptor.Account
var accountExists bool var accountExists bool
switch { switch {
@@ -111,10 +128,19 @@ func (lg *Logic) UpdateAccount(ctx context.Context, userID int64, params *cmctl.
return res, err return res, err
} }
func (lg *Logic) DeleteAccount(ctx context.Context, userID int64, params *cmctl.DeleteAccountParams) (*cmctl.DeleteAccountResult, error) { func (lg *Logic) DeleteAccount(ctx context.Context, accountID int64, params *cmctl.DeleteAccountParams) (*cmctl.DeleteAccountResult, error) {
var err error var err error
res := &cmctl.DeleteAccountResult{} res := &cmctl.DeleteAccountResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var accountDescr *descriptor.Account var accountDescr *descriptor.Account
var accountExists bool var accountExists bool
switch { switch {
@@ -145,11 +171,21 @@ func (lg *Logic) DeleteAccount(ctx context.Context, userID int64, params *cmctl.
return res, err return res, err
} }
func (lg *Logic) ListAccounts(ctx context.Context, userID int64, params *cmctl.ListAccountsParams) (*cmctl.ListAccountsResult, error) { func (lg *Logic) ListAccounts(ctx context.Context, accountID int64, params *cmctl.ListAccountsParams) (*cmctl.ListAccountsResult, error) {
var err error var err error
res := &cmctl.ListAccountsResult{ res := &cmctl.ListAccountsResult{
Accounts: make([]*cmctl.AccountShortDescr, 0), Accounts: make([]*cmctl.AccountShortDescr, 0),
} }
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
accountDescrs, err := lg.db.ListAccounts(ctx) accountDescrs, err := lg.db.ListAccounts(ctx)
if err != nil { if err != nil {
return res, err return res, err

12
internal/logic/database.go
View File

@@ -19,10 +19,10 @@ func (lg *Logic) CleanDatabase(ctx context.Context) error {
func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) { func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
var err error var err error
var userID int64 var accountID int64
accountDescrs, err := lg.db.ListAccounts(ctx) accountDescrs, err := lg.db.ListAccounts(ctx)
if err != nil { if err != nil {
return userID, err return accountID, err
} }
if len(accountDescrs) == 0 { if len(accountDescrs) == 0 {
now := time.Now().Format(time.RFC3339) now := time.Now().Format(time.RFC3339)
@@ -36,9 +36,9 @@ func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
} }
err = lg.db.InsertAccount(ctx, accountDescr) err = lg.db.InsertAccount(ctx, accountDescr)
if err != nil { if err != nil {
return userID, err return accountID, err
} }
userID = accountDescr.ID accountID = accountDescr.ID
grantTypes := []string{ grantTypes := []string{
descriptor.GrantModifyServices, descriptor.GrantModifyServices,
descriptor.GrantModifyUssuers, descriptor.GrantModifyUssuers,
@@ -52,13 +52,13 @@ func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
} }
err = lg.db.InsertGrant(ctx, grantDescr) err = lg.db.InsertGrant(ctx, grantDescr)
if err != nil { if err != nil {
return userID, err return accountID, err
} }
} }
} }
return userID, err return accountID, err
} }

27
internal/logic/grants.go
View File

@@ -10,10 +10,19 @@ import (
"certmanager/pkg/cmctl" "certmanager/pkg/cmctl"
) )
func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) { func (lg *Logic) SetGrant(ctx context.Context, accountID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
var err error var err error
res := &cmctl.SetGrantResult{} res := &cmctl.SetGrantResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
grantTypes := []string{ grantTypes := []string{
descriptor.GrantModifyServices, descriptor.GrantModifyServices,
descriptor.GrantModifyUssuers, descriptor.GrantModifyUssuers,
@@ -50,8 +59,7 @@ func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGr
return res, err return res, err
} }
//grantExists := true grantExists, _, err = lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
grantExists, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
if err != nil { if err != nil {
return res, err return res, err
} }
@@ -73,10 +81,19 @@ func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGr
return res, err return res, err
} }
func (lg *Logic) DeleteGrant(ctx context.Context, userID int64, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) { func (lg *Logic) DeleteGrant(ctx context.Context, accountID int64, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
var err error var err error
res := &cmctl.DeleteGrantResult{} res := &cmctl.DeleteGrantResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
grantTypes := []string{ grantTypes := []string{
descriptor.GrantModifyServices, descriptor.GrantModifyServices,
descriptor.GrantModifyUssuers, descriptor.GrantModifyUssuers,
@@ -113,7 +130,7 @@ func (lg *Logic) DeleteGrant(ctx context.Context, userID int64, params *cmctl.De
return res, err return res, err
} }
grantExists, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation) grantExists, _, err = lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
if err != nil { if err != nil {
return res, err return res, err
} }

58
internal/logic/issuer.go
View File

@@ -11,10 +11,19 @@ import (
"certmanager/pkg/cmctl" "certmanager/pkg/cmctl"
) )
func (lg *Logic) CreateIssuerPair(ctx context.Context, userID int64, params *cmctl.CreateIssuerPairParams) (*cmctl.CreateIssuerPairResult, error) { func (lg *Logic) CreateIssuerPair(ctx context.Context, accountID int64, params *cmctl.CreateIssuerPairParams) (*cmctl.CreateIssuerPairResult, error) {
var err error var err error
res := &cmctl.CreateIssuerPairResult{} res := &cmctl.CreateIssuerPairResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var signerDescr *descriptor.Issuer var signerDescr *descriptor.Issuer
var signerExists bool var signerExists bool
if params.SignerID > 0 { if params.SignerID > 0 {
@@ -84,12 +93,22 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, userID int64, params *cmc
return res, err return res, err
} }
func (lg *Logic) GetIssuerCertificate(ctx context.Context, userID int64, params *cmctl.GetIssuerCertificateParams) (*cmctl.GetIssuerCertificateResult, error) { func (lg *Logic) GetIssuerCertificate(ctx context.Context, accountID int64, params *cmctl.GetIssuerCertificateParams) (*cmctl.GetIssuerCertificateResult, error) {
var err error var err error
res := &cmctl.GetIssuerCertificateResult{ res := &cmctl.GetIssuerCertificateResult{
SignerCertificates: make([]string, 0), SignerCertificates: make([]string, 0),
SignerNames: make([]string, 0), SignerNames: make([]string, 0),
} }
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var issuerDescr *descriptor.Issuer var issuerDescr *descriptor.Issuer
var issuerExists bool var issuerExists bool
switch { switch {
@@ -143,10 +162,19 @@ func (lg *Logic) GetIssuerCertificate(ctx context.Context, userID int64, params
return res, err return res, err
} }
func (lg *Logic) ImportIssuerPair(ctx context.Context, userID int64, params *cmctl.ImportIssuerPairParams) (*cmctl.ImportIssuerPairResult, error) { func (lg *Logic) ImportIssuerPair(ctx context.Context, accountID int64, params *cmctl.ImportIssuerPairParams) (*cmctl.ImportIssuerPairResult, error) {
var err error var err error
res := &cmctl.ImportIssuerPairResult{} res := &cmctl.ImportIssuerPairResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
if params.Certificate == "" { if params.Certificate == "" {
err := fmt.Errorf("Empty issuer cerificata data") err := fmt.Errorf("Empty issuer cerificata data")
return res, err return res, err
@@ -218,10 +246,19 @@ func (lg *Logic) ImportIssuerPair(ctx context.Context, userID int64, params *cmc
return res, err return res, err
} }
func (lg *Logic) RevokeIssuerPair(ctx context.Context, userID int64, params *cmctl.RevokeIssuerPairParams) (*cmctl.RevokeIssuerPairResult, error) { func (lg *Logic) RevokeIssuerPair(ctx context.Context, accountID int64, params *cmctl.RevokeIssuerPairParams) (*cmctl.RevokeIssuerPairResult, error) {
var err error var err error
res := &cmctl.RevokeIssuerPairResult{} res := &cmctl.RevokeIssuerPairResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var issuerDescr *descriptor.Issuer var issuerDescr *descriptor.Issuer
var issuerExists bool var issuerExists bool
switch { switch {
@@ -263,10 +300,19 @@ func (lg *Logic) RevokeIssuerPair(ctx context.Context, userID int64, params *cmc
return res, err return res, err
} }
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, userID int64, params *cmctl.UnrevokeIssuerPairParams) (*cmctl.UnrevokeIssuerPairResult, error) { func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, accountID int64, params *cmctl.UnrevokeIssuerPairParams) (*cmctl.UnrevokeIssuerPairResult, error) {
var err error var err error
res := &cmctl.UnrevokeIssuerPairResult{} res := &cmctl.UnrevokeIssuerPairResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var issuerDescr *descriptor.Issuer var issuerDescr *descriptor.Issuer
var issuerExists bool var issuerExists bool
switch { switch {
@@ -308,7 +354,7 @@ func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, userID int64, params *c
return res, err return res, err
} }
func (lg *Logic) ListIssuerPairs(ctx context.Context, userID int64, params *cmctl.ListIssuerPairsParams) (*cmctl.ListIssuerPairsResult, error) { func (lg *Logic) ListIssuerPairs(ctx context.Context, accountID int64, params *cmctl.ListIssuerPairsParams) (*cmctl.ListIssuerPairsResult, error) {
var err error var err error
res := &cmctl.ListIssuerPairsResult{ res := &cmctl.ListIssuerPairsResult{
Issuers: make([]*cmctl.IssierShortDescriptor, 0), Issuers: make([]*cmctl.IssierShortDescriptor, 0),

47
internal/logic/service.go
View File

@@ -12,10 +12,19 @@ import (
"certmanager/pkg/cmctl" "certmanager/pkg/cmctl"
) )
func (lg *Logic) CreateServicePair(ctx context.Context, userID int64, params *cmctl.CreateServicePairParams) (*cmctl.CreateServicePairResult, error) { func (lg *Logic) CreateServicePair(ctx context.Context, accountID int64, params *cmctl.CreateServicePairParams) (*cmctl.CreateServicePairResult, error) {
var err error var err error
res := &cmctl.CreateServicePairResult{} res := &cmctl.CreateServicePairResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyServices)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var issuerDescr *descriptor.Issuer var issuerDescr *descriptor.Issuer
var issuerExists bool var issuerExists bool
switch { switch {
@@ -93,11 +102,21 @@ func (lg *Logic) CreateServicePair(ctx context.Context, userID int64, params *cm
return res, err return res, err
} }
func (lg *Logic) GetServicePair(ctx context.Context, userID int64, params *cmctl.GetServicePairParams) (*cmctl.GetServicePairResult, error) { func (lg *Logic) GetServicePair(ctx context.Context, accountID int64, params *cmctl.GetServicePairParams) (*cmctl.GetServicePairResult, error) {
var err error var err error
res := &cmctl.GetServicePairResult{ res := &cmctl.GetServicePairResult{
IssuerCertificates: make([]string, 0), IssuerCertificates: make([]string, 0),
} }
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyServices)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var serviceDescr *descriptor.Service var serviceDescr *descriptor.Service
var serviceExists bool var serviceExists bool
switch { switch {
@@ -276,7 +295,7 @@ func (lg *Logic) GetNextIssuerChain(ctx context.Context, deep int, firstIssuerDe
return res, err return res, err
} }
func (lg *Logic) ListServicePairs(ctx context.Context, userID int64, params *cmctl.ListServicePairsParams) (*cmctl.ListServicePairsResult, error) { func (lg *Logic) ListServicePairs(ctx context.Context, accountID int64, params *cmctl.ListServicePairsParams) (*cmctl.ListServicePairsResult, error) {
var err error var err error
res := &cmctl.ListServicePairsResult{ res := &cmctl.ListServicePairsResult{
Services: make([]*cmctl.ServiceShortDescriptor, 0), Services: make([]*cmctl.ServiceShortDescriptor, 0),
@@ -299,10 +318,19 @@ func (lg *Logic) ListServicePairs(ctx context.Context, userID int64, params *cmc
return res, err return res, err
} }
func (lg *Logic) RevokeServicePair(ctx context.Context, userID int64, params *cmctl.RevokeServicePairParams) (*cmctl.RevokeServicePairResult, error) { func (lg *Logic) RevokeServicePair(ctx context.Context, accountID int64, params *cmctl.RevokeServicePairParams) (*cmctl.RevokeServicePairResult, error) {
var err error var err error
res := &cmctl.RevokeServicePairResult{} res := &cmctl.RevokeServicePairResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyServices)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var serviceDescr *descriptor.Service var serviceDescr *descriptor.Service
var serviceExists bool var serviceExists bool
switch { switch {
@@ -344,10 +372,19 @@ func (lg *Logic) RevokeServicePair(ctx context.Context, userID int64, params *cm
return res, err return res, err
} }
func (lg *Logic) UnrevokeServicePair(ctx context.Context, userID int64, params *cmctl.UnrevokeServicePairParams) (*cmctl.UnrevokeServicePairResult, error) { func (lg *Logic) UnrevokeServicePair(ctx context.Context, accountID int64, params *cmctl.UnrevokeServicePairParams) (*cmctl.UnrevokeServicePairResult, error) {
var err error var err error
res := &cmctl.UnrevokeServicePairResult{} res := &cmctl.UnrevokeServicePairResult{}
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyServices)
if err != nil {
return res, err
}
if !grantExists {
err := fmt.Errorf("Operation not allowed for the user")
return res, err
}
var serviceDescr *descriptor.Service var serviceDescr *descriptor.Service
var serviceExists bool var serviceExists bool
switch { switch {