*: support getting role in auth v3

This commit implements RoleGet() RPC of etcdserver and adds a new subcommand "role get" to etcdctl v3. It will list up permissions that are granted to a given role. $ ETCDCTL_API=3 bin/etcdctl role get r1 Role r1 KV Read: b d KV Write: a c d
2016-06-02 23:25:15 +09:00
parent 755567cb3d
commit 10ee69b44c
10 changed files with 452 additions and 206 deletions
--- a/auth/store.go
+++ b/auth/store.go
@ -82,6 +82,9 @@ type AuthStore interface {
 	// RoleGrant grants a permission to a role
 	RoleGrant(r *pb.AuthRoleGrantRequest) (*pb.AuthRoleGrantResponse, error)

+	// RoleGet gets the detailed information of a role
+	RoleGet(r *pb.AuthRoleGetRequest) (*pb.AuthRoleGetResponse, error)
+
 	// UsernameFromToken gets a username from the given Token
 	UsernameFromToken(token string) (string, bool)

@ -321,6 +324,30 @@ func (as *authStore) UserGet(r *pb.AuthUserGetRequest) (*pb.AuthUserGetResponse,
 	return &resp, nil
 }

+func (as *authStore) RoleGet(r *pb.AuthRoleGetRequest) (*pb.AuthRoleGetResponse, error) {
+	tx := as.be.BatchTx()
+	tx.Lock()
+	defer tx.Unlock()
+
+	_, vs := tx.UnsafeRange(authRolesBucketName, []byte(r.Role), nil, 0)
+	if len(vs) != 1 {
+		return nil, ErrRoleNotFound
+	}
+
+	role := &authpb.Role{}
+	err := role.Unmarshal(vs[0])
+	if err != nil {
+		return nil, err
+	}
+
+	var resp pb.AuthRoleGetResponse
+	for _, perm := range role.KeyPermission {
+		resp.Perm = append(resp.Perm, perm)
+	}
+
+	return &resp, nil
+}
+
 func (as *authStore) RoleAdd(r *pb.AuthRoleAddRequest) (*pb.AuthRoleAddResponse, error) {
 	tx := as.be.BatchTx()
 	tx.Lock()