From 10b17da590fc43622c6080815f65fbbb2721b640 Mon Sep 17 00:00:00 2001 From: enyinna1234 Date: Fri, 14 Feb 2020 08:41:49 -0800 Subject: Add Distributed Cloud Manager This handles RESTful API CRUD operations for logical clouds, CLuster, User Permissions, Quota, and Key Value pairs. See: https://wiki.onap.org/x/tAiVB Issue-ID: MULTICLOUD-996 Signed-off-by: Enyinna Ochulor Change-Id: I654a304cd682f762c02cfd92b4483d1edea63fca --- src/dcm/pkg/module/userpermissions.go | 193 ++++++++++++++++++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 src/dcm/pkg/module/userpermissions.go (limited to 'src/dcm/pkg/module/userpermissions.go') diff --git a/src/dcm/pkg/module/userpermissions.go b/src/dcm/pkg/module/userpermissions.go new file mode 100644 index 00000000..cf961a65 --- /dev/null +++ b/src/dcm/pkg/module/userpermissions.go @@ -0,0 +1,193 @@ +/* +* Copyright 2020 Intel Corporation, Inc +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +package module + +import ( + pkgerrors "github.com/pkg/errors" +) + +// UserPermission contains the parameters needed for a user permission +type UserPermission struct { + UserPermissionName string `json:"name"` + APIGroups []string `json:"apiGroups"` + Resources []string `json:"resources"` + Verbs []string `json:"verbs"` +} + +// UserPermissionKey is the key structure that is used in the database +type UserPermissionKey struct { + Project string `json:"project"` + LogicalCloudName string `json:"logical-cloud-name"` + UserPermissionName string `json:"upname"` +} + +// UserPermissionManager is an interface that exposes the connection +// functionality +type UserPermissionManager interface { + CreateUserPerm(project, logicalCloud string, c UserPermission) (UserPermission, error) + GetUserPerm(project, logicalCloud, name string) (UserPermission, error) + GetAllUserPerms(project, logicalCloud string) ([]UserPermission, error) + DeleteUserPerm(project, logicalCloud, name string) error + UpdateUserPerm(project, logicalCloud, name string, c UserPermission) (UserPermission, error) +} + +// UserPermissionClient implements the UserPermissionManager +// It will also be used to maintain some localized state +type UserPermissionClient struct { + storeName string + tagMeta string + util Utility +} + +// UserPermissionClient returns an instance of the UserPermissionClient +// which implements the UserPermissionManager +func NewUserPermissionClient() *UserPermissionClient { + service := DBService{} + return &UserPermissionClient{ + storeName: "orchestrator", + tagMeta: "userpermission", + util: service, + } +} + +// Create entry for the User Permission resource in the database +func (v *UserPermissionClient) CreateUserPerm(project, logicalCloud string, c UserPermission) (UserPermission, error) { + + //Construct key consisting of name + key := UserPermissionKey { + Project: project, + LogicalCloudName: logicalCloud, + UserPermissionName: c.UserPermissionName, + } + + //Check if project exists + err := v.util.CheckProject(project) + if err != nil { + return UserPermission{}, pkgerrors.New("Unable to find the project") + } + //check if logical cloud exists + err = v.util.CheckLogicalCloud(project, logicalCloud) + if err != nil { + return UserPermission{}, pkgerrors.New("Unable to find the logical cloud") + } + + //Check if this User Permission already exists + _, err = v.GetUserPerm(project, logicalCloud, c.UserPermissionName) + if err == nil { + return UserPermission{}, pkgerrors.New("User Permission already exists") + } + + err = v.util.DBInsert(v.storeName, key, nil, v.tagMeta, c) + if err != nil { + return UserPermission{}, pkgerrors.Wrap(err, "Creating DB Entry") + } + + return c, nil +} + +// Get returns User Permission for corresponding name +func (v *UserPermissionClient) GetUserPerm(project, logicalCloud, userPermName string) (UserPermission, error) { + + //Construct the composite key to select the entry + key := UserPermissionKey{ + Project: project, + LogicalCloudName: logicalCloud, + UserPermissionName: userPermName, + } + + value, err := v.util.DBFind(v.storeName, key, v.tagMeta) + if err != nil { + return UserPermission{}, pkgerrors.Wrap(err, "Get User Permission") + } + + //value is a byte array + if value != nil { + up := UserPermission{} + err = v.util.DBUnmarshal(value[0], &up) + if err != nil { + return UserPermission{}, pkgerrors.Wrap(err, "Unmarshaling value") + } + return up, nil + } + + return UserPermission{}, pkgerrors.New("Error getting User Permission") +} + +// GetAll lists all user permissions +func (v *UserPermissionClient) GetAllUserPerms(project, logicalCloud string) ([]UserPermission, error) { + //Construct the composite key to select the entry + key := UserPermissionKey { + Project: project, + LogicalCloudName: logicalCloud, + UserPermissionName: "", + } + var resp []UserPermission + values, err := v.util.DBFind(v.storeName, key, v.tagMeta) + if err != nil { + return []UserPermission{}, pkgerrors.Wrap(err, "Get All User Permissions") + } + + for _, value := range values { + up := UserPermission{} + err = v.util.DBUnmarshal(value, &up) + if err != nil { + return []UserPermission{}, pkgerrors.Wrap(err, "Unmarshaling value") + } + resp = append(resp, up) + } + return resp, nil +} +// Delete the User Permission entry from database +func (v *UserPermissionClient) DeleteUserPerm(project, logicalCloud, userPermName string) error { + //Construct the composite key to select the entry + key := UserPermissionKey{ + Project: project, + LogicalCloudName: logicalCloud, + UserPermissionName: userPermName, + } + err := v.util.DBRemove(v.storeName, key) + if err != nil { + return pkgerrors.Wrap(err, "Delete User Permission") + } + return nil +} + +// Update an entry for the User Permission in the database +func (v *UserPermissionClient) UpdateUserPerm(project, logicalCloud, userPermName string, c UserPermission) ( + UserPermission, error) { + + key := UserPermissionKey{ + Project: project, + LogicalCloudName: logicalCloud, + UserPermissionName: userPermName, + } + //Check for URL name and json permission name mismatch + if c.UserPermissionName != userPermName { + return UserPermission{}, pkgerrors.New("Update Error - Permission name mismatch") + } + //Check if this User Permission exists + _, err := v.GetUserPerm(project, logicalCloud, userPermName) + if err != nil { + return UserPermission{}, pkgerrors.New( + "Update Error - User Permission doesn't exist") + } + err = v.util.DBInsert(v.storeName, key, nil, v.tagMeta, c) + if err != nil { + return UserPermission{}, pkgerrors.Wrap(err, "Updating DB Entry") + } + return c, nil +} -- cgit 1.2.3-korg