certmanager update

Олег Бородин
2024-08-10 14:46:07 +02:00
parent 1cdbd2b034
commit 1314355110
13 changed files with 1200 additions and 746 deletions


@@ -1,8 +1,8 @@
package config
const (
confdirPath = "/usr/local/etc/certmanager"
rundirPath = "/var/run/certmanager"
logdirPath = "/var/log/certmanager"
datadirPath = "/var/data/certmanager"
confdirPath = "/home/ziggi/Projects/certman/etc/certmanager"
rundirPath = "/home/ziggi/Projects/certman/tmp/run"
logdirPath = "/home/ziggi/Projects/certman/tmp/log"
datadirPath = "/home/ziggi/Projects/certman/tmp/data"
)
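Review bot: One of the two constant sets in this hunk points at a developer's home directory (`/home/ziggi/Projects/certman/...`); the `-1,8 +1,8` counts fit either assignment, so the rendering does not say which set is the new side, but if the home-directory values are what lands, the package now compiles with workstation-only paths and the service directories under `/usr/local/etc`, `/var/run`, `/var/log` and `/var/data` are gone for every other deployment. Keep the production defaults as the constants and let a local override come from the run-time configuration (a flag or an environment variable, e.g. `CERTMANAGER_CONFDIR` — name illustrative), or at least keep the development set behind a build tag so it cannot ship by accident. A comment on the const block stating which environment these values target would also help, e.g. `// Default service directories; override through the run-time configuration for local development.`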


@@ -11,7 +11,7 @@ import (
)
const schema = `
DROP TABLE IF EXISTS issuer;
--- DROP TABLE IF EXISTS issuer;
CREATE TABLE IF NOT EXISTS issuer (
id INT NOT NULL,
name TEXT NOT NULL,
@@ -21,10 +21,12 @@ const schema = `
signer_name TEXT NOT NULL,
revoked BOOL
);
CREATE INDEX IF NOT EXISTS issuer_index
ON issuer(id, name);
CREATE UNIQUE INDEX IF NOT EXISTS issuer_index01
ON issuer(id);
CREATE UNIQUE INDEX IF NOT EXISTS issuer_index02
ON issuer(name);
DROP TABLE IF EXISTS service;
--- DROP TABLE IF EXISTS service;
CREATE TABLE IF NOT EXISTS service (
id INT NOT NULL,
issuer_id INT NOT NULL,
@@ -34,10 +36,12 @@ const schema = `
key TEXT NOT NULL,
revoked BOOL
);
CREATE INDEX IF NOT EXISTS service_index
ON issuer(id, name);
CREATE UNIQUE INDEX IF NOT EXISTS service_index01
ON service(id);
CREATE UNIQUE INDEX IF NOT EXISTS service_index02
ON service(name);
DROP TABLE IF EXISTS account;
--- DROP TABLE IF EXISTS account;
CREATE TABLE IF NOT EXISTS account (
id INT NOT NULL,
username TEXT NOT NULL,
@@ -46,14 +50,24 @@ const schema = `
updated_at TEXT NOT NULL,
disabled BOOL
);
CREATE UNIQUE INDEX IF NOT EXISTS account_index01
ON account(id);
CREATE UNIQUE INDEX IF NOT EXISTS account_index02
ON account(username);
DROP TABLE IF EXISTS grant;
--- DROP TABLE IF EXISTS grant;
CREATE TABLE IF NOT EXISTS grant (
id INT NOT NULL,
account_id INT NOT NULL,
operation TEXT NOT NULL,
subject_id INT NOT NULL
created_at TEXT NOT NULL
);
CREATE INDEX IF NOT EXISTS grant_index01
ON grant(account_id);
CREATE UNIQUE INDEX IF NOT EXISTS grant_index02
ON grant(account_id, operation);
`
type Database struct {
@@ -98,6 +112,8 @@ func (db *Database) CleanDatabase(ctx context.Context) error {
request := `
DELETE FROM issuer;
DELETE FROM service;
DELETE FROM user;
DELETE FROM grant;
`
_, err = db.db.Exec(request)
if err != nil {
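Review bot: `DELETE FROM user;` in the CleanDatabase hunk names a table that the schema in the same file never creates — the accounts table is `account` — so the multi-statement Exec is likely to stop with "no such table" before the newly added `DELETE FROM grant;` runs; it should read `DELETE FROM account;`. Separately, if the `--- DROP TABLE ...` variants are the new side (the schema then relies on `CREATE TABLE IF NOT EXISTS` alone), an existing database keeps its old `grant` table with `subject_id` and without `created_at`, and the new InsertGrant fails on it; a schema-version check or an explicit migration step is needed before this is deployed over existing data. `CleanDatabase` starts and ends outside the hunk.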


@@ -8,19 +8,11 @@ import (
_ "github.com/mattn/go-sqlite3"
)
//type Grant struct {
//ID int64 `json:"id" yaml:"id" db:"id"`
//AccountID int64 `json:"accountID" yaml:"accountID" db:"account_id"`
//Operation string `json:"operation" yaml:"operation" db:"operation"`
//SubjectID int64 `json:"subjectID" yaml:"subjectID" db:"subjectID"`
//}
func (db *Database) InsertGrant(ctx context.Context, grant *descriptor.Grant) error {
var err error
request := `INSERT INTO grant(id, account_id, operation, subject_id)
request := `INSERT INTO grant(id, account_id, operation, created_at)
VALUES ($1, $2, $3, $4)`
_, err = db.db.Exec(request, grant.ID, grant.AccountID, grant.Operation,
grant.SubjectID)
_, err = db.db.Exec(request, grant.ID, grant.AccountID, grant.Operation, grant.CreatedAt)
if err != nil {
return err
}
@@ -29,7 +21,7 @@ func (db *Database) InsertGrant(ctx context.Context, grant *descriptor.Grant) er
func (db *Database) ListGrantsByAccountID(ctx context.Context, accountID int64) ([]descriptor.Grant, error) {
var err error
request := `SELECT * FROM grant WHERE `
request := `SELECT * FROM grant WHERE account_id = $1`
res := make([]descriptor.Grant, 0)
err = db.db.Select(&res, request, accountID)
if err != nil {
@@ -38,42 +30,39 @@ func (db *Database) ListGrantsByAccountID(ctx context.Context, accountID int64)
return res, err
}
func (db *Database) GetGrant(ctx context.Context, accountID, subjectID int64) (bool, []*descriptor.Grant, error) {
func (db *Database) GetGrant(ctx context.Context, accountID int64, operation string) (bool, *descriptor.Grant, error) {
var err error
var res []*descriptor.Grant
var exists bool
request := `SELECT id, operation, grant_id, subject_id FROM grant
WHERE account_id = $1
AND subject_id = $1`
dbRes := make([]*descriptor.Grant, 0)
err = db.db.Select(&dbRes, request, accountID, subjectID)
res := &descriptor.Grant{}
request := `SELECT * FROM grant WHERE account_id = $1 AND operation = $2 LIMIT 1`
dbRes := make([]descriptor.Grant, 0)
err = db.db.Select(&dbRes, request, accountID, operation)
if err != nil {
return exists, res, err
return false, res, err
}
if len(dbRes) == 0 {
return false, res, err
}
exists = true
res = dbRes
return exists, res, err
res = &dbRes[0]
return true, res, err
}
func (db *Database) DeleteGrantByAccountID(ctx context.Context, grantID int64) error {
func (db *Database) DeleteGrantByAccountID(ctx context.Context, grantID int64, operation string) error {
var err error
request := `DELETE FROM grant WHERE grant_id = $1`
request := `DELETE FROM grant WHERE account_id = $1 AND operation = $2`
_, err = db.db.Exec(request, grantID, operation)
if err != nil {
return err
}
return err
}
func (db *Database) DeleteAllGrantsForAccountID(ctx context.Context, grantID int64) error {
var err error
request := `DELETE FROM grant WHERE account_id = $1`
_, err = db.db.Exec(request, grantID)
if err != nil {
return err
}
return err
}
func (db *Database) DeleteGrantsBySubjectID(ctx context.Context, subjectID int64) error {
var err error
request := `DELETE FROM grant WHERE subject_id = $1`
_, err = db.db.Exec(request, subjectID)
if err != nil {
return err
}
return err
}
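Review bot: `DeleteGrantsBySubjectID` still deletes `WHERE subject_id = $1`, but this commit replaces `subject_id` with `created_at` in the `grant` table, in the `Grant` descriptor and in `InsertGrant`, so that query fails at runtime with "no such column" on a freshly created database; either remove the function or rework it, and check its callers. In `DeleteGrantByAccountID` and `DeleteAllGrantsForAccountID` the parameter is named `grantID` although it is bound to `account_id`; rename it so the signature says what the query does, e.g. `func (db *Database) DeleteAllGrantsForAccountID(ctx context.Context, accountID int64) error`. None of the methods in this hunk use `ctx`; `db.db.ExecContext(ctx, request, ...)` and `db.db.SelectContext(ctx, &dbRes, request, ...)` would let a caller's timeout actually bound the query. `GetGrant` also returns a non-nil empty `Grant` on the error path (`return false, res, err`); returning `nil` there keeps a caller that ignores the error from reading a zero-valued grant.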


@@ -1,13 +1,9 @@
package descriptor
const (
OperationAddGrant = "addGrant"
OperationDeleteGrant = "deleteGrant"
OperationCreateIssuerPair = "createIssuerPair"
OperationRevokeIssuerPair = "revokeIssuerPair"
OperationCreateServicePair = "createSericePair"
OperationRevokeServicePair = "revokeServicePair"
OperationGetServicePair = "getServicePair"
GrantModifyServices = "modifyServices"
GrantModifyUssuers = "modifyIssuers"
GrantModifyUsers = "modifyUsers"
)
type Issuer struct {
@@ -43,5 +39,5 @@ type Grant struct {
ID int64 `json:"id" yaml:"id" db:"id"`
AccountID int64 `json:"accountID" yaml:"accountID" db:"account_id"`
Operation string `json:"operation" yaml:"operation" db:"operation"`
SubjectID int64 `json:"subjectID" yaml:"subjectID" db:"subject_id"`
CreatedAt string `json:"createdAt" yaml:"createdAt" db:"created_at"`
}
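Review bot: `GrantModifyUssuers` in the first hunk is a typo for `GrantModifyIssuers` (its value is `"modifyIssuers"`); since this is an exported identifier that authorization checks will be written against, fix it before it spreads, `GrantModifyIssuers = "modifyIssuers"`. A doc comment on the const block would also help, e.g. `// Grant operations as persisted in grant.operation; GetGrant matches them verbatim.` — the verbatim match is visible in this commit's `WHERE account_id = $1 AND operation = $2`.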


@@ -10,33 +10,6 @@ import (
"certmanager/pkg/cmctl"
)
func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
var err error
var userID int64
accountDescrs, err := lg.db.ListAccounts(ctx)
if err != nil {
return userID, err
}
if len(accountDescrs) == 0 {
now := time.Now().Format(time.RFC3339)
accountDescr := &descriptor.Account{
ID: auxid.GenID(),
Username: "certman",
Password: "certman",
Disabled: false,
CreatedAt: now,
UpdatedAt: now,
}
err = lg.db.InsertAccount(ctx, accountDescr)
if err != nil {
return userID, err
}
userID = accountDescr.ID
}
return userID, err
}
func (lg *Logic) ValidateAcount(ctx context.Context, username, password string) (bool, int64, error) {
var err error
var userID int64
@@ -54,13 +27,22 @@ func (lg *Logic) ValidateAcount(ctx context.Context, username, password string)
valid = true
userID = accountDescr.ID
return valid, userID, err
}
func (lg *Logic) CreateAccount(ctx context.Context, userID int64, params *cmctl.CreateAccountParams) (*cmctl.CreateAccountResult, error) {
var err error
res := &cmctl.CreateAccountResult{}
if params.Username == "" {
err := fmt.Errorf("Empty username parameters")
return res, err
}
if params.Password == "" {
err := fmt.Errorf("Empty password parameter")
return res, err
}
accountExists, _, err := lg.db.GetAccountByUsername(ctx, params.Username)
if err != nil {
return res, err
@@ -152,6 +134,10 @@ func (lg *Logic) DeleteAccount(ctx context.Context, userID int64, params *cmctl.
return res, err
}
err = lg.db.DeleteAllGrantsForAccountID(ctx, accountDescr.ID)
if err != nil {
return res, err
}
err = lg.db.DeleteAccountByID(ctx, accountDescr.ID)
if err != nil {
return res, err
@@ -169,13 +155,25 @@ func (lg *Logic) ListAccounts(ctx context.Context, userID int64, params *cmctl.L
return res, err
}
for _, accountDescr := range accountDescrs {
shortDescr := &cmctl.AccountShortDescr{
accountShortDescr := &cmctl.AccountShortDescr{
Username: accountDescr.Username,
Disabled: accountDescr.Disabled,
CreatedAt: accountDescr.CreatedAt,
UpdatedAt: accountDescr.UpdatedAt,
Grants: make([]*cmctl.GrantShortDescr, 0),
}
res.Accounts = append(res.Accounts, shortDescr)
grantDescrs, err := lg.db.ListGrantsByAccountID(ctx, accountDescr.ID)
if err != nil {
return res, err
}
for _, grantDescrs := range grantDescrs {
grantShortDescrs := &cmctl.GrantShortDescr{
Operation: grantDescrs.Operation,
CreatedAt: grantDescrs.CreatedAt,
}
accountShortDescr.Grants = append(accountShortDescr.Grants, grantShortDescrs)
}
res.Accounts = append(res.Accounts, accountShortDescr)
}
return res, err
}
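Review bot: In the DeleteAccount hunk the grant cleanup (`DeleteAllGrantsForAccountID`) and the account removal (`DeleteAccountByID`) are two independent statements, so a failure of the second leaves an account stripped of all its grants with nothing recording that the deletion was half done; running both in one transaction on the underlying handle would make the removal atomic (the present order at least fails closed, grants going before the account). In the ListAccounts hunk the loop variable in `for _, grantDescrs := range grantDescrs` shadows the slice it ranges over and `grantShortDescrs` names a single value; `for _, grantDescr := range grantDescrs { grantShortDescr := &cmctl.GrantShortDescr{ ... }` reads as intended. In the CreateAccount hunk `err := fmt.Errorf(...)` shadows the `err` declared above it and the two messages are inconsistent (`Empty username parameters` vs `Empty password parameter`; Go error strings are conventionally lowercase), and the new validation only rejects an empty password, so a minimum-length rule is still missing if one is intended. The enclosing functions all start outside their hunks.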


@@ -93,12 +93,6 @@ func (srv *Server) Build() error {
if err != nil {
return err
}
// Seed accounts
ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
_, err = srv.lg.SeedAccount(ctx)
if err != nil {
return err
}
// Create whandler
whandlerConfig := &whandler.HandlerConfig{
@@ -164,12 +158,19 @@ func (srv *Server) Run() error {
}
srv.log.Infof("Running server as user %s", currUser.Username)
// Show current user
// Initialize database
err = srv.db.InitDatabase()
if err != nil {
return err
}
// Seed accounts
ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
_, err = srv.lg.SeedAccount(ctx)
if err != nil {
return err
}
sigs := make(chan os.Signal, 1)
gdone := make(chan error, 1)
wdone := make(chan error, 1)
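Review bot: `ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)` in the Run hunk discards the cancel function (`go vet`'s lostcancel check flags this), so the timer and its context stay alive until the second elapses on every start; keep the cancel and call it once seeding is done, `ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)` / `_, err = srv.lg.SeedAccount(ctx)` / `cancel()`. The `// Show current user` comment is now stranded above `// Initialize database` and should be dropped. Run now seeds on every start; the only implementation of `SeedAccount` visible in this commit (the one deleted from the logic file) inserted a fixed `certman`/`certman` credential when no accounts existed, so wherever that code now lives, make sure the seeded password is not a constant — generate it at first start and surface it once, or force a change at first login. Run starts and continues outside the hunk.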