etcdctl: an option for granting permission with key prefix

This commit adds a new option --prefix to "role grant-permission" command. If the option is passed, the command interprets the key as a prefix of range permission. Example of usage: $ ETCDCTL_API=3 bin/etcdctl --user root:p role grant-permission --prefix r1 readwrite /dir/ Role r1 updated $ ETCDCTL_API=3 bin/etcdctl --user root:p role get r1 Role r1 KV Read: [/dir/, /dir0) [k1, k5) KV Write: [/dir/, /dir0) [k1, k5) $ ETCDCTL_API=3 bin/etcdctl --user u1:p put /dir/key val OK
2016-09-13 12:22:53 +09:00
parent 3df8838501
commit 4e2b09a7ca
3 changed files with 53 additions and 4 deletions
--- a/etcdctl/ctlv3/command/role_command.go
+++ b/etcdctl/ctlv3/command/role_command.go
@ -22,6 +22,10 @@ import (
 	"golang.org/x/net/context"
 )

+var (
+	grantPermissionPrefix bool
+)
+
 // NewRoleCommand returns the cobra command for "role".
 func NewRoleCommand() *cobra.Command {
 	ac := &cobra.Command{
@ -72,11 +76,15 @@ func newRoleListCommand() *cobra.Command {
 }

 func newRoleGrantPermissionCommand() *cobra.Command {
-	return &cobra.Command{
+	cmd := &cobra.Command{
 		Use:   "grant-permission <role name> <permission type> <key> [endkey]",
 		Short: "Grants a key to a role",
 		Run:   roleGrantPermissionCommandFunc,
 	}
+
+	cmd.Flags().BoolVar(&grantPermissionPrefix, "prefix", false, "grant a prefix permission")
+
+	return cmd
 }

 func newRoleRevokePermissionCommand() *cobra.Command {
@ -183,7 +191,12 @@ func roleGrantPermissionCommandFunc(cmd *cobra.Command, args []string) {

 	rangeEnd := ""
 	if 4 <= len(args) {
+		if grantPermissionPrefix {
+			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --prefix option and range end to grant permission command"))
+		}
 		rangeEnd = args[3]
+	} else if grantPermissionPrefix {
+		rangeEnd = clientv3.GetPrefixRangeEnd(args[2])
 	}

 	_, err = mustClientFromCmd(cmd).Auth.RoleGrantPermission(context.TODO(), args[0], args[2], rangeEnd, perm)