From cab7eac36e75338bdf6f8020799d2aa93a3ab70d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9E=D0=BB=D0=B5=D0=B3=20=D0=91=D0=BE=D1=80=D0=BE=D0=B4?= =?UTF-8?q?=D0=B8=D0=BD?=
Date: Sat, 10 Aug 2024 14:46:26 +0200
Subject: [PATCH] certmanager update
---
 internal/grpc/handler/grant.go | 31 ++++++++
 internal/logic/database.go | 64 ++++++++++++++++
 internal/logic/grants.go | 129 +++++++++++++++++++++++++++++++++
 3 files changed, 224 insertions(+)
 create mode 100644 internal/grpc/handler/grant.go
 create mode 100644 internal/logic/database.go
 create mode 100644 internal/logic/grants.go
diff --git a/internal/grpc/handler/grant.go b/internal/grpc/handler/grant.go
new file mode 100644
index 0000000..b900642
--- /dev/null
+++ b/internal/grpc/handler/grant.go
@@ -0,0 +1,31 @@
+package handler
+
+import (
+ "context"
+
+ "certmanager/pkg/cmctl"
+)
+
+func (hand *Handler) SetGrant(ctx context.Context, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
+ var err error
+ hand.log.Debugf("Handle SetGrant call")
+ res := &cmctl.SetGrantResult{}
+ userID, err := hand.Authentificate(ctx)
+ if err != nil {
+ return res, err
+ }
+ res, err = hand.lg.SetGrant(ctx, userID, params)
+ return res, err
+}
+
+func (hand *Handler) DeleteGrant(ctx context.Context, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
+ var err error
+ hand.log.Debugf("Handle DeleteGrant call")
+ res := &cmctl.DeleteGrantResult{}
+ userID, err := hand.Authentificate(ctx)
+ if err != nil {
+ return res, err
+ }
+ res, err = hand.lg.DeleteGrant(ctx, userID, params)
+ return res, err
+}
diff --git a/internal/logic/database.go b/internal/logic/database.go
new file mode 100644
index 0000000..790c4c1
--- /dev/null
+++ b/internal/logic/database.go
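Review bot: SetGrant and DeleteGrant change who holds privileges, yet the only trace either handler leaves is a `Debugf` written before authentication, with no caller or target in it. Once `Authentificate` has succeeded, record the caller's `userID`, the target account and `params.Operation`, together with the outcome, at a log level that is retained in production, so grant changes can be reconstructed during an investigation. Both handlers also return a non-nil empty result alongside the error; `return nil, err` on the failure path is the more usual shape and avoids callers reading a result that carries no meaning.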
@@ -0,0 +1,64 @@
+package logic
+
+import (
+ "context"
+ "time"
+
+ "certmanager/internal/descriptor"
+ "certmanager/pkg/auxid"
+)
+
+func (lg *Logic) CleanDatabase(ctx context.Context) error {
+ var err error
+ err = lg.db.CleanDatabase(ctx)
+ if err != nil {
+ return err
+ }
+ return err
+}
+
+func (lg *Logic) SeedAccount(ctx context.Context) (int64, error) {
+ var err error
+ var userID int64
+ accountDescrs, err := lg.db.ListAccounts(ctx)
+ if err != nil {
+ return userID, err
+ }
+ if len(accountDescrs) == 0 {
+ now := time.Now().Format(time.RFC3339)
+ accountDescr := &descriptor.Account{
+ ID: auxid.GenID(),
+ Username: "certman",
+ Password: "certman",
+ Disabled: false,
+ CreatedAt: now,
+ UpdatedAt: now,
+ }
+ err = lg.db.InsertAccount(ctx, accountDescr)
+ if err != nil {
+ return userID, err
+ }
+ userID = accountDescr.ID
+ grantTypes := []string{
+ descriptor.GrantModifyServices,
+ descriptor.GrantModifyUssuers,
+ descriptor.GrantModifyUsers,
+ }
+ for _, grantType := range grantTypes {
+ grantDescr := &descriptor.Grant{
+ AccountID: accountDescr.ID,
+ Operation: grantType,
+ CreatedAt: now,
+ }
+ err = lg.db.InsertGrant(ctx, grantDescr)
+ if err != nil {
+ return userID, err
+ }
+
+ }
+
+ }
+
+ return userID, err
+
+}
diff --git a/internal/logic/grants.go b/internal/logic/grants.go
new file mode 100644
index 0000000..d970ae8
--- /dev/null
+++ b/internal/logic/grants.go
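Review bot: SeedAccount creates the first account with the fixed credentials `certman`/`certman` and then gives it all three grants, so every fresh installation starts with a publicly known administrator login. Take the initial password from configuration or generate a random one at seed time, and require it to be changed on first use. Whether `InsertAccount` hashes `Password` before storing it is not visible in this hunk and should be confirmed. The seeded `descriptor.Grant` values also omit `ID: auxid.GenID(),`, which SetGrant in internal/logic/grants.go does set; if the grant ID is a unique key, the second insert in the loop may fail.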
@@ -0,0 +1,129 @@
+package logic
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "certmanager/internal/descriptor"
+ "certmanager/pkg/auxid"
+ "certmanager/pkg/cmctl"
+)
+
+func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
+ var err error
+ res := &cmctl.SetGrantResult{}
+
+ grantTypes := []string{
+ descriptor.GrantModifyServices,
+ descriptor.GrantModifyUssuers,
+ descriptor.GrantModifyUsers,
+ }
+ var grantOk bool
+ for _, grantType := range grantTypes {
+ if grantType == params.Operation {
+ grantOk = true
+ break
+ }
+ }
+ if !grantOk {
+ err := fmt.Errorf("Unknown grant type")
+ return res, err
+ }
+
+ var accountDescr *descriptor.Account
+ var accountExists bool
+ switch {
+ case params.AccountID != 0:
+ accountExists, accountDescr, err = lg.db.GetAccountByID(ctx, params.AccountID)
+ if err != nil {
+ return res, err
+ }
+ case params.Username != "":
+ accountExists, accountDescr, err = lg.db.GetAccountByUsername(ctx, params.Username)
+ if err != nil {
+ return res, err
+ }
+ }
+ if !accountExists || accountDescr == nil {
+ err := fmt.Errorf("Account with this id or name dont exists")
+ return res, err
+ }
+
+ //grantExists := true
+ grantExists, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
+ if err != nil {
+ return res, err
+ }
+ if grantExists {
+ err := fmt.Errorf("Grant %s for the user already exists", params.Operation)
+ return res, err
+ }
+ now := time.Now().Format(time.RFC3339)
+ grantDescr := &descriptor.Grant{
+ ID: auxid.GenID(),
+ AccountID: accountDescr.ID,
+ CreatedAt: now,
+ Operation: params.Operation,
+ }
+ err = lg.db.InsertGrant(ctx, grantDescr)
+ if err != nil {
+ return res, err
+ }
+ return res, err
+}
+
+func (lg *Logic) DeleteGrant(ctx context.Context, userID int64, params *cmctl.DeleteGrantParams) (*cmctl.DeleteGrantResult, error) {
+ var err error
+ res := &cmctl.DeleteGrantResult{}
+
+ grantTypes := []string{
+ descriptor.GrantModifyServices,
+ descriptor.GrantModifyUssuers,
+ descriptor.GrantModifyUsers,
+ }
+ var grantOk bool
+ for _, grantType := range grantTypes {
+ if grantType == params.Operation {
+ grantOk = true
+ break
+ }
+ }
+ if !grantOk {
+ err := fmt.Errorf("Unknown grant type")
+ return res, err
+ }
+
+ var accountDescr *descriptor.Account
+ var accountExists bool
+ switch {
+ case params.AccountID != 0:
+ accountExists, accountDescr, err = lg.db.GetAccountByID(ctx, params.AccountID)
+ if err != nil {
+ return res, err
+ }
+ case params.Username != "":
+ accountExists, accountDescr, err = lg.db.GetAccountByUsername(ctx, params.Username)
+ if err != nil {
+ return res, err
+ }
+ }
+ if !accountExists || accountDescr == nil {
+ err := fmt.Errorf("Account with this id or name dont exists")
+ return res, err
+ }
+
+ grantExists, _, err := lg.db.GetGrant(ctx, accountDescr.ID, params.Operation)
+ if err != nil {
+ return res, err
+ }
+ if !grantExists {
+ err := fmt.Errorf("Grant %s for the user not exists")
+ return res, err
+ }
+ err = lg.db.DeleteGrantByAccountID(ctx, accountDescr.ID, params.Operation)
+ if err != nil {
+ return res, err
+ }
+ return res, err
+}
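Review bot: Neither SetGrant nor DeleteGrant ever reads its `userID` argument, so any caller that passes `Authentificate` can add or remove grants on any account, its own included. Both functions need an authorization check on the caller before the account lookup; the fence sketches it for SetGrant using `GetGrant`, on the assumption that `descriptor.GrantModifyUsers` is the grant meant to guard this operation, and DeleteGrant needs the same lines. In DeleteGrant, `fmt.Errorf("Grant %s for the user not exists")` has no argument for `%s` and should pass `params.Operation`. The exists-then-insert sequence in SetGrant is not atomic, so a unique constraint on account and operation in the store would be the reliable guard against duplicates.

```go
func (lg *Logic) SetGrant(ctx context.Context, userID int64, params *cmctl.SetGrantParams) (*cmctl.SetGrantResult, error) {
	// … unchanged: err and res declarations …

	// Authorize the caller before any account or grant is read or changed.
	allowed, _, err := lg.db.GetGrant(ctx, userID, descriptor.GrantModifyUsers)
	if err != nil {
		return res, err
	}
	if !allowed {
		return res, fmt.Errorf("account %d is not allowed to modify grants", userID)
	}

	// … unchanged: grant type validation, account lookup, existence check, insert …
```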