certmanager updates
This commit is contained in:
Олег Бородин
@@ -12,7 +12,7 @@ import (
|
||||
|
||||
func (hand *Handler) Authentificate(ctx context.Context) (int64, error) {
|
||||
var err error
|
||||
var userID int64
|
||||
var accountID int64
|
||||
|
||||
meta, _ := metadata.FromIncomingContext(ctx)
|
||||
hand.log.Debugf("Reqest username: %s", meta["username"])
|
||||
@@ -21,27 +21,27 @@ func (hand *Handler) Authentificate(ctx context.Context) (int64, error) {
|
||||
passwordArr := meta["password"]
|
||||
if len(usernameArr) == 0 || len(passwordArr) == 0 {
|
||||
err := status.Errorf(codes.PermissionDenied, "Empty auth data")
|
||||
return userID, err
|
||||
return accountID, err
|
||||
}
|
||||
username := meta["username"][0]
|
||||
password := meta["password"][0]
|
||||
validated, userID, err := hand.lg.ValidateAcount(ctx, username, password)
|
||||
validated, accountID, err := hand.lg.ValidateAcount(ctx, username, password)
|
||||
if !validated {
|
||||
err := status.Errorf(codes.PermissionDenied, "Wrong auth data")
|
||||
return userID, err
|
||||
return accountID, err
|
||||
}
|
||||
return userID, err
|
||||
return accountID, err
|
||||
}
|
||||
|
||||
func (hand *Handler) CreateAccount(ctx context.Context, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) {
|
||||
var err error
|
||||
hand.log.Debugf("Handle CreateAccount call")
|
||||
res := &cmctl.CreateAccountResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.CreateAccount(ctx, userID, params)
|
||||
res, err = hand.lg.CreateAccount(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -49,11 +49,11 @@ func (hand *Handler) DeleteAccount(ctx context.Context, params *cmctl.DeleteAcco
|
||||
var err error
|
||||
hand.log.Debugf("Handle DeleteAccount call")
|
||||
res := &cmctl.DeleteAccountResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.DeleteAccount(ctx, userID, params)
|
||||
res, err = hand.lg.DeleteAccount(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -61,11 +61,11 @@ func (hand *Handler) ListAccounts(ctx context.Context, params *cmctl.ListAccount
|
||||
var err error
|
||||
hand.log.Debugf("Handle ListAccounts call")
|
||||
res := &cmctl.ListAccountsResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.ListAccounts(ctx, userID, params)
|
||||
res, err = hand.lg.ListAccounts(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -73,10 +73,10 @@ func (hand *Handler) UpdateAccount(ctx context.Context, params *cmctl.UpdateAcco
|
||||
var err error
|
||||
hand.log.Debugf("Handle UpdateAccount call")
|
||||
res := &cmctl.UpdateAccountResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.UpdateAccount(ctx, userID, params)
|
||||
res, err = hand.lg.UpdateAccount(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -10,11 +10,11 @@ func (hand *Handler) SetGrant(ctx context.Context, params *cmctl.SetGrantParams)
|
||||
var err error
|
||||
hand.log.Debugf("Handle SetGrant call")
|
||||
res := &cmctl.SetGrantResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.SetGrant(ctx, userID, params)
|
||||
res, err = hand.lg.SetGrant(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -22,10 +22,10 @@ func (hand *Handler) DeleteGrant(ctx context.Context, params *cmctl.DeleteGrantP
|
||||
var err error
|
||||
hand.log.Debugf("Handle DeleteGrant call")
|
||||
res := &cmctl.DeleteGrantResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.DeleteGrant(ctx, userID, params)
|
||||
res, err = hand.lg.DeleteGrant(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -10,11 +10,11 @@ func (hand *Handler) CreateIssuerPair(ctx context.Context, params *cmctl.CreateI
|
||||
var err error
|
||||
hand.log.Debugf("Handle CreateIssuerPair call")
|
||||
res := &cmctl.CreateIssuerPairResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.CreateIssuerPair(ctx, userID, params)
|
||||
res, err = hand.lg.CreateIssuerPair(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -22,11 +22,11 @@ func (hand *Handler) ImportIssuerPair(ctx context.Context, params *cmctl.ImportI
|
||||
var err error
|
||||
hand.log.Debugf("Handle ImportIssuerPair call")
|
||||
res := &cmctl.ImportIssuerPairResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.ImportIssuerPair(ctx, userID, params)
|
||||
res, err = hand.lg.ImportIssuerPair(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -34,11 +34,11 @@ func (hand *Handler) RevokeIssuerPair(ctx context.Context, params *cmctl.RevokeI
|
||||
var err error
|
||||
hand.log.Debugf("Handle RevokeIssuerPair call")
|
||||
res := &cmctl.RevokeIssuerPairResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.RevokeIssuerPair(ctx, userID, params)
|
||||
res, err = hand.lg.RevokeIssuerPair(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -46,11 +46,11 @@ func (hand *Handler) UnrevokeIssuerPair(ctx context.Context, params *cmctl.Unrev
|
||||
var err error
|
||||
hand.log.Debugf("Handle UnrevokeIssuerPair call")
|
||||
res := &cmctl.UnrevokeIssuerPairResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.UnrevokeIssuerPair(ctx, userID, params)
|
||||
res, err = hand.lg.UnrevokeIssuerPair(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -58,11 +58,11 @@ func (hand *Handler) ListIssuerPairs(ctx context.Context, params *cmctl.ListIssu
|
||||
var err error
|
||||
hand.log.Debugf("Handle ListIssuerPairs call")
|
||||
res := &cmctl.ListIssuerPairsResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.ListIssuerPairs(ctx, userID, params)
|
||||
res, err = hand.lg.ListIssuerPairs(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -70,10 +70,10 @@ func (hand *Handler) GetIssuerCertificate(ctx context.Context, params *cmctl.Get
|
||||
var err error
|
||||
hand.log.Debugf("Handle GetIssuerCertificate call")
|
||||
res := &cmctl.GetIssuerCertificateResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.GetIssuerCertificate(ctx, userID, params)
|
||||
res, err = hand.lg.GetIssuerCertificate(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -10,11 +10,11 @@ func (hand *Handler) CreateServicePair(ctx context.Context, params *cmctl.Create
|
||||
var err error
|
||||
hand.log.Debugf("Handle CreateServicePair call")
|
||||
res := &cmctl.CreateServicePairResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.CreateServicePair(ctx, userID, params)
|
||||
res, err = hand.lg.CreateServicePair(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -22,11 +22,11 @@ func (hand *Handler) RevokeServicePair(ctx context.Context, params *cmctl.Revoke
|
||||
var err error
|
||||
hand.log.Debugf("Handle RevokeServicePair call")
|
||||
res := &cmctl.RevokeServicePairResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.RevokeServicePair(ctx, userID, params)
|
||||
res, err = hand.lg.RevokeServicePair(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -34,11 +34,11 @@ func (hand *Handler) UnrevokeServicePair(ctx context.Context, params *cmctl.Unre
|
||||
var err error
|
||||
hand.log.Debugf("Handle UnrevokeServicePair call")
|
||||
res := &cmctl.UnrevokeServicePairResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.UnrevokeServicePair(ctx, userID, params)
|
||||
res, err = hand.lg.UnrevokeServicePair(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -46,11 +46,11 @@ func (hand *Handler) ListServicePairs(ctx context.Context, params *cmctl.ListSer
|
||||
var err error
|
||||
hand.log.Debugf("Handle ListServicePairs call")
|
||||
res := &cmctl.ListServicePairsResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.ListServicePairs(ctx, userID, params)
|
||||
res, err = hand.lg.ListServicePairs(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -58,10 +58,10 @@ func (hand *Handler) GetServicePair(ctx context.Context, params *cmctl.GetServic
|
||||
var err error
|
||||
hand.log.Debugf("Handle GetServicePair call")
|
||||
res := &cmctl.GetServicePairResult{}
|
||||
userID, err := hand.Authentificate(ctx)
|
||||
accountID, err := hand.Authentificate(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res, err = hand.lg.GetServicePair(ctx, userID, params)
|
||||
res, err = hand.lg.GetServicePair(ctx, accountID, params)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -12,27 +12,35 @@ import (
|
||||
|
||||
func (lg *Logic) ValidateAcount(ctx context.Context, username, password string) (bool, int64, error) {
|
||||
var err error
|
||||
var userID int64
|
||||
var accountID int64
|
||||
var valid bool
|
||||
|
||||
accountExists, accountDescr, err := lg.db.GetAccountByUsername(ctx, username)
|
||||
if !accountExists {
|
||||
err := fmt.Errorf("Account not exists")
|
||||
return valid, userID, err
|
||||
return valid, accountID, err
|
||||
}
|
||||
if password != accountDescr.Password {
|
||||
err := fmt.Errorf("Login data mismatch")
|
||||
return valid, userID, err
|
||||
return valid, accountID, err
|
||||
}
|
||||
valid = true
|
||||
userID = accountDescr.ID
|
||||
return valid, userID, err
|
||||
accountID = accountDescr.ID
|
||||
return valid, accountID, err
|
||||
}
|
||||
|
||||
func (lg *Logic) CreateAccount(ctx context.Context, userID int64, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) {
|
||||
func (lg *Logic) CreateAccount(ctx context.Context, accountID int64, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) {
|
||||
var err error
|
||||
res := &cmctl.CreateAccountResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
if params.Username == "" {
|
||||
err := fmt.Errorf("Empty username parameters")
|
||||
return res, err
|
||||
@@ -68,10 +76,19 @@ func (lg *Logic) CreateAccount(ctx context.Context, userID int64, params *cmctl.
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) UpdateAccount(ctx context.Context, userID int64, params *cmctl.UpdateAccountParams) (*cmctl.UpdateAccountResult, error) {
|
||||
func (lg *Logic) UpdateAccount(ctx context.Context, accountID int64, params *cmctl.UpdateAccountParams) (*cmctl.UpdateAccountResult, error) {
|
||||
var err error
|
||||
res := &cmctl.UpdateAccountResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var accountDescr *descriptor.Account
|
||||
var accountExists bool
|
||||
switch {
|
||||
@@ -111,10 +128,19 @@ func (lg *Logic) UpdateAccount(ctx context.Context, userID int64, params *cmctl.
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) DeleteAccount(ctx context.Context, userID int64, params *cmctl.DeleteAccountParams) (*cmctl.DeleteAccountResult, error) {
|
||||
func (lg *Logic) DeleteAccount(ctx context.Context, accountID int64, params *cmctl.DeleteAccountParams) (*cmctl.DeleteAccountResult, error) {
|
||||
var err error
|
||||
res := &cmctl.DeleteAccountResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var accountDescr *descriptor.Account
|
||||
var accountExists bool
|
||||
switch {
|
||||
@@ -145,11 +171,21 @@ func (lg *Logic) DeleteAccount(ctx context.Context, userID int64, params *cmctl.
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) ListAccounts(ctx context.Context, userID int64, params *cmctl.ListAccountsParams) (*cmctl.ListAccountsResult, error) {
|
||||
func (lg *Logic) ListAccounts(ctx context.Context, accountID int64, params *cmctl.ListAccountsParams) (*cmctl.ListAccountsResult, error) {
|
||||
var err error
|
||||
res := &cmctl.ListAccountsResult{
|
||||
Accounts: make([]*cmctl.AccountShortDescr, 0),
|
||||
}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
accountDescrs, err := lg.db.ListAccounts(ctx)
|
||||
if err != nil {
|
||||
return res, err
|
||||
|
||||
@@ -19,10 +19,10 @@ func (lg *Logic) CleanDatabase(ctx context.Context) error {
|
||||
|
||||
func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
|
||||
var err error
|
||||
var userID int64
|
||||
var accountID int64
|
||||
accountDescrs, err := lg.db.ListAccounts(ctx)
|
||||
if err != nil {
|
||||
return userID, err
|
||||
return accountID, err
|
||||
}
|
||||
if len(accountDescrs) == 0 {
|
||||
now := time.Now().Format(time.RFC3339)
|
||||
@@ -36,9 +36,9 @@ func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
|
||||
}
|
||||
err = lg.db.InsertAccount(ctx, accountDescr)
|
||||
if err != nil {
|
||||
return userID, err
|
||||
return accountID, err
|
||||
}
|
||||
userID = accountDescr.ID
|
||||
accountID = accountDescr.ID
|
||||
grantTypes := []string{
|
||||
descriptor.GrantModifyServices,
|
||||
descriptor.GrantModifyUssuers,
|
||||
@@ -52,13 +52,13 @@ func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
|
||||
}
|
||||
err = lg.db.InsertGrant(ctx, grantDescr)
|
||||
if err != nil {
|
||||
return userID, err
|
||||
return accountID, err
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return userID, err
|
||||
return accountID, err
|
||||
|
||||
}
|
||||
|
||||
@@ -10,10 +10,19 @@ import (
|
||||
"certmanager/pkg/cmctl"
|
||||
)
|
||||
|
||||
func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
|
||||
func (lg *Logic) SetGrant(ctx context.Context, accountID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
|
||||
var err error
|
||||
res := &cmctl.SetGrantResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
grantTypes := []string{
|
||||
descriptor.GrantModifyServices,
|
||||
descriptor.GrantModifyUssuers,
|
||||
@@ -50,8 +59,7 @@ func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGr
|
||||
return res, err
|
||||
}
|
||||
|
||||
//grantExists := true
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
|
||||
grantExists, _, err = lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
@@ -73,10 +81,19 @@ func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGr
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) DeleteGrant(ctx context.Context, userID int64, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
|
||||
func (lg *Logic) DeleteGrant(ctx context.Context, accountID int64, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
|
||||
var err error
|
||||
res := &cmctl.DeleteGrantResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUsers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
grantTypes := []string{
|
||||
descriptor.GrantModifyServices,
|
||||
descriptor.GrantModifyUssuers,
|
||||
@@ -113,7 +130,7 @@ func (lg *Logic) DeleteGrant(ctx context.Context, userID int64, params *cmctl.De
|
||||
return res, err
|
||||
}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
|
||||
grantExists, _, err = lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -11,10 +11,19 @@ import (
|
||||
"certmanager/pkg/cmctl"
|
||||
)
|
||||
|
||||
func (lg *Logic) CreateIssuerPair(ctx context.Context, userID int64, params *cmctl.CreateIssuerPairParams) (*cmctl.CreateIssuerPairResult, error) {
|
||||
func (lg *Logic) CreateIssuerPair(ctx context.Context, accountID int64, params *cmctl.CreateIssuerPairParams) (*cmctl.CreateIssuerPairResult, error) {
|
||||
var err error
|
||||
res := &cmctl.CreateIssuerPairResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var signerDescr *descriptor.Issuer
|
||||
var signerExists bool
|
||||
if params.SignerID > 0 {
|
||||
@@ -84,12 +93,22 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, userID int64, params *cmc
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) GetIssuerCertificate(ctx context.Context, userID int64, params *cmctl.GetIssuerCertificateParams) (*cmctl.GetIssuerCertificateResult, error) {
|
||||
func (lg *Logic) GetIssuerCertificate(ctx context.Context, accountID int64, params *cmctl.GetIssuerCertificateParams) (*cmctl.GetIssuerCertificateResult, error) {
|
||||
var err error
|
||||
res := &cmctl.GetIssuerCertificateResult{
|
||||
SignerCertificates: make([]string, 0),
|
||||
SignerNames: make([]string, 0),
|
||||
}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var issuerDescr *descriptor.Issuer
|
||||
var issuerExists bool
|
||||
switch {
|
||||
@@ -143,10 +162,19 @@ func (lg *Logic) GetIssuerCertificate(ctx context.Context, userID int64, params
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) ImportIssuerPair(ctx context.Context, userID int64, params *cmctl.ImportIssuerPairParams) (*cmctl.ImportIssuerPairResult, error) {
|
||||
func (lg *Logic) ImportIssuerPair(ctx context.Context, accountID int64, params *cmctl.ImportIssuerPairParams) (*cmctl.ImportIssuerPairResult, error) {
|
||||
var err error
|
||||
res := &cmctl.ImportIssuerPairResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
if params.Certificate == "" {
|
||||
err := fmt.Errorf("Empty issuer cerificata data")
|
||||
return res, err
|
||||
@@ -218,10 +246,19 @@ func (lg *Logic) ImportIssuerPair(ctx context.Context, userID int64, params *cmc
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) RevokeIssuerPair(ctx context.Context, userID int64, params *cmctl.RevokeIssuerPairParams) (*cmctl.RevokeIssuerPairResult, error) {
|
||||
func (lg *Logic) RevokeIssuerPair(ctx context.Context, accountID int64, params *cmctl.RevokeIssuerPairParams) (*cmctl.RevokeIssuerPairResult, error) {
|
||||
var err error
|
||||
res := &cmctl.RevokeIssuerPairResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var issuerDescr *descriptor.Issuer
|
||||
var issuerExists bool
|
||||
switch {
|
||||
@@ -263,10 +300,19 @@ func (lg *Logic) RevokeIssuerPair(ctx context.Context, userID int64, params *cmc
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, userID int64, params *cmctl.UnrevokeIssuerPairParams) (*cmctl.UnrevokeIssuerPairResult, error) {
|
||||
func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, accountID int64, params *cmctl.UnrevokeIssuerPairParams) (*cmctl.UnrevokeIssuerPairResult, error) {
|
||||
var err error
|
||||
res := &cmctl.UnrevokeIssuerPairResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyUssuers)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var issuerDescr *descriptor.Issuer
|
||||
var issuerExists bool
|
||||
switch {
|
||||
@@ -308,7 +354,7 @@ func (lg *Logic) UnrevokeIssuerPair(ctx context.Context, userID int64, params *c
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) ListIssuerPairs(ctx context.Context, userID int64, params *cmctl.ListIssuerPairsParams) (*cmctl.ListIssuerPairsResult, error) {
|
||||
func (lg *Logic) ListIssuerPairs(ctx context.Context, accountID int64, params *cmctl.ListIssuerPairsParams) (*cmctl.ListIssuerPairsResult, error) {
|
||||
var err error
|
||||
res := &cmctl.ListIssuerPairsResult{
|
||||
Issuers: make([]*cmctl.IssierShortDescriptor, 0),
|
||||
|
||||
@@ -12,10 +12,19 @@ import (
|
||||
"certmanager/pkg/cmctl"
|
||||
)
|
||||
|
||||
func (lg *Logic) CreateServicePair(ctx context.Context, userID int64, params *cmctl.CreateServicePairParams) (*cmctl.CreateServicePairResult, error) {
|
||||
func (lg *Logic) CreateServicePair(ctx context.Context, accountID int64, params *cmctl.CreateServicePairParams) (*cmctl.CreateServicePairResult, error) {
|
||||
var err error
|
||||
res := &cmctl.CreateServicePairResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyServices)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var issuerDescr *descriptor.Issuer
|
||||
var issuerExists bool
|
||||
switch {
|
||||
@@ -93,11 +102,21 @@ func (lg *Logic) CreateServicePair(ctx context.Context, userID int64, params *cm
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) GetServicePair(ctx context.Context, userID int64, params *cmctl.GetServicePairParams) (*cmctl.GetServicePairResult, error) {
|
||||
func (lg *Logic) GetServicePair(ctx context.Context, accountID int64, params *cmctl.GetServicePairParams) (*cmctl.GetServicePairResult, error) {
|
||||
var err error
|
||||
res := &cmctl.GetServicePairResult{
|
||||
IssuerCertificates: make([]string, 0),
|
||||
}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyServices)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var serviceDescr *descriptor.Service
|
||||
var serviceExists bool
|
||||
switch {
|
||||
@@ -276,7 +295,7 @@ func (lg *Logic) GetNextIssuerChain(ctx context.Context, deep int, firstIssuerDe
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) ListServicePairs(ctx context.Context, userID int64, params *cmctl.ListServicePairsParams) (*cmctl.ListServicePairsResult, error) {
|
||||
func (lg *Logic) ListServicePairs(ctx context.Context, accountID int64, params *cmctl.ListServicePairsParams) (*cmctl.ListServicePairsResult, error) {
|
||||
var err error
|
||||
res := &cmctl.ListServicePairsResult{
|
||||
Services: make([]*cmctl.ServiceShortDescriptor, 0),
|
||||
@@ -299,10 +318,19 @@ func (lg *Logic) ListServicePairs(ctx context.Context, userID int64, params *cmc
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) RevokeServicePair(ctx context.Context, userID int64, params *cmctl.RevokeServicePairParams) (*cmctl.RevokeServicePairResult, error) {
|
||||
func (lg *Logic) RevokeServicePair(ctx context.Context, accountID int64, params *cmctl.RevokeServicePairParams) (*cmctl.RevokeServicePairResult, error) {
|
||||
var err error
|
||||
res := &cmctl.RevokeServicePairResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyServices)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var serviceDescr *descriptor.Service
|
||||
var serviceExists bool
|
||||
switch {
|
||||
@@ -344,10 +372,19 @@ func (lg *Logic) RevokeServicePair(ctx context.Context, userID int64, params *cm
|
||||
return res, err
|
||||
}
|
||||
|
||||
func (lg *Logic) UnrevokeServicePair(ctx context.Context, userID int64, params *cmctl.UnrevokeServicePairParams) (*cmctl.UnrevokeServicePairResult, error) {
|
||||
func (lg *Logic) UnrevokeServicePair(ctx context.Context, accountID int64, params *cmctl.UnrevokeServicePairParams) (*cmctl.UnrevokeServicePairResult, error) {
|
||||
var err error
|
||||
res := &cmctl.UnrevokeServicePairResult{}
|
||||
|
||||
grantExists, _, err := lg.db.GetGrant(ctx, accountID, descriptor.GrantModifyServices)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if !grantExists {
|
||||
err := fmt.Errorf("Operation not allowed for the user")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var serviceDescr *descriptor.Service
|
||||
var serviceExists bool
|
||||
switch {
|
||||
|
||||
Reference in New Issue
Block a user