package aiven
// ElasticSearchACLsHandler is the aiven-go-client handler for the
// Elasticsearch ACL endpoint of a service. It holds only the API client
// its methods issue requests through.
type ElasticSearchACLsHandler struct {
	client *Client
}

// ElasticsearchACLRequest is the request body for
// https://api.aiven.io/v1/project/<project>/service/<service_name>/elasticsearch/acl
//
// The complete ACL config is serialized under "elasticsearch_acl_config".
// No field of ElasticSearchACLConfig carries omitempty, so a request built
// from a zero value is encoded as "acls": null, "enabled": false,
// "extendedAcl": false. A caller that means to change a single entry should
// start from the config returned by Get rather than from an empty struct.
// NOTE(review): how the API treats a null ACL list is not visible in this
// file — confirm before relying on it.
type ElasticsearchACLRequest struct {
	ElasticSearchACLConfig ElasticSearchACLConfig `json:"elasticsearch_acl_config"`
}

// ElasticSearchACLResponse is the response body for
// https://api.aiven.io/v1/project/<project>/service/<service_name>/elasticsearch/acl
//
// It embeds APIResponse and carries the ACL config under the same
// "elasticsearch_acl_config" key the request uses.
type ElasticSearchACLResponse struct {
	APIResponse
	ElasticSearchACLConfig ElasticSearchACLConfig `json:"elasticsearch_acl_config"`
}

// ElasticSearchACLConfig is the Elasticsearch ACL configuration of a service:
// the per-user entries in ACLs plus the two switches Enabled and ExtendedAcl.
// Both switches are plain bools and are always serialized, so their zero
// value is sent as false.
// NOTE(review): Enabled presumably turns ACL enforcement on or off and
// ExtendedAcl presumably selects an extended matching mode — confirm the
// exact meaning against the API documentation.
type ElasticSearchACLConfig struct {
	ACLs        []ElasticSearchACL `json:"acls"`
	Enabled     bool               `json:"enabled"`
	ExtendedAcl bool               `json:"extendedAcl"`
}

// ElasticSearchACL is one entry of the ACL list: a username and the rules
// attached to it.
type ElasticSearchACL struct {
	Rules    []ElasticsearchACLRule `json:"rules"`
	Username string                 `json:"username"`
}

// ElasticsearchACLRule is one rule of an ACL entry: an index and a
// permission. Both are free-form strings as far as this file is concerned;
// no validation of either value is done in the code shown here.
type ElasticsearchACLRule struct {
	Index      string `json:"index"`
	Permission string `json:"permission"`
}
// Update sends req to the elasticsearch/acl endpoint of the given service
// through the client's doPutRequest and returns the decoded response.
//
// A transport error from doPutRequest yields (nil, err). An error from
// checkAPIResponse is returned together with a non-nil response pointer, so
// callers must check the error before reading the response.
//
// req carries the whole ACL config, not a delta; see ElasticsearchACLRequest
// for what a zero-valued config serializes to.
// NOTE(review): project and service are handed to buildPath as given;
// whether buildPath escapes path segments is not visible here.
func (h *ElasticSearchACLsHandler) Update(project, service string, req ElasticsearchACLRequest) (*ElasticSearchACLResponse, error) {
	body, err := h.client.doPutRequest(
		buildPath("project", project, "service", service, "elasticsearch", "acl"),
		req,
	)
	if err != nil {
		return nil, err
	}

	resp := new(ElasticSearchACLResponse)
	return resp, checkAPIResponse(body, resp)
}
// Get fetches the Elasticsearch ACL config of the given service through the
// client's doGetRequest and returns the decoded response.
//
// A transport error from doGetRequest yields (nil, err). An error from
// checkAPIResponse is returned together with a non-nil response pointer, so
// callers must check the error before trusting the ACL list in it.
// NOTE(review): project and service are handed to buildPath as given;
// whether buildPath escapes path segments is not visible here.
func (h *ElasticSearchACLsHandler) Get(project, service string) (*ElasticSearchACLResponse, error) {
	endpoint := buildPath("project", project, "service", service, "elasticsearch", "acl")

	raw, err := h.client.doGetRequest(endpoint, nil)
	if err != nil {
		return nil, err
	}

	out := &ElasticSearchACLResponse{}
	return out, checkAPIResponse(raw, out)
}
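// Delete removes the rules listed in acl from the entries of conf that belong
// to acl.Username and returns conf.
//
// A rule is removed when both its Index and its Permission equal those of a
// rule in acl.Rules. An entry that loses its last rule this way is dropped
// from conf.ACLs. Entries of other users, and entries that had no rules to
// begin with, are left as they are.
//
// Only the in-memory config is changed; nothing in this method sends it to
// the API.
//
// The surviving rules and entries are collected in one forward pass. Deleting
// by index while ranging over the same slice, as an earlier version did,
// reads shifted elements and can index past the end of a slice that has
// already shrunk, which made a revocation of several rules panic instead of
// completing.
func (conf *ElasticSearchACLConfig) Delete(acl ElasticSearchACL) *ElasticSearchACLConfig {
	// Filtering conf.ACLs in place is safe: the write position never
	// overtakes the read position.
	keptACLs := conf.ACLs[:0]
	for _, entry := range conf.ACLs {
		if entry.Username != acl.Username || len(entry.Rules) == 0 {
			keptACLs = append(keptACLs, entry)
			continue
		}

		// A fresh slice keeps the result correct even when acl.Rules shares
		// its backing array with entry.Rules.
		keptRules := make([]ElasticsearchACLRule, 0, len(entry.Rules))
		for _, have := range entry.Rules {
			revoked := false
			for _, rule := range acl.Rules {
				if have.Permission == rule.Permission && have.Index == rule.Index {
					revoked = true
					break
				}
			}
			if !revoked {
				keptRules = append(keptRules, have)
			}
		}

		// An entry whose last rule was just revoked is not kept.
		if len(keptRules) == 0 {
			continue
		}
		entry.Rules = keptRules
		keptACLs = append(keptACLs, entry)
	}
	conf.ACLs = keptACLs
	return conf
}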
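// Add merges acl into conf and returns conf.
//
// When conf has no entry for acl.Username, acl is appended as a new entry,
// unless it carries no rules, in which case conf is left unchanged. When an
// entry for the user exists, only the rules of acl that the user does not
// already hold (same Index and same Permission) are appended; if several
// entries share the username they are all consulted and the last one
// receives the new rules.
//
// Only the in-memory config is changed; nothing in this method sends it to
// the API.
//
// The rules to add are collected into a fresh slice. An earlier version
// deleted from acl.Rules by index while ranging over it, which overwrote the
// caller's slice through the shared backing array, could let an already
// granted rule through as a duplicate, and could panic on repeated rules in
// the input.
func (conf *ElasticSearchACLConfig) Add(acl ElasticSearchACL) *ElasticSearchACLConfig {
	// Locate the entry that will receive new rules: the last one whose
	// username matches.
	userIndex := -1
	for p := range conf.ACLs {
		if conf.ACLs[p].Username == acl.Username {
			userIndex = p
		}
	}

	if userIndex < 0 {
		if len(acl.Rules) > 0 {
			conf.ACLs = append(conf.ACLs, acl)
		}
		return conf
	}

	// granted reports whether any entry of this user already holds rule.
	granted := func(rule ElasticsearchACLRule) bool {
		for _, entry := range conf.ACLs {
			if entry.Username != acl.Username {
				continue
			}
			for _, have := range entry.Rules {
				if have.Permission == rule.Permission && have.Index == rule.Index {
					return true
				}
			}
		}
		return false
	}

	// acl.Rules is only read, so the caller's slice stays intact.
	fresh := make([]ElasticsearchACLRule, 0, len(acl.Rules))
	for _, rule := range acl.Rules {
		if !granted(rule) {
			fresh = append(fresh, rule)
		}
	}
	if len(fresh) == 0 {
		return conf // every requested rule is already held by the user
	}

	conf.ACLs[userIndex].Rules = append(conf.ACLs[userIndex].Rules, fresh...)
	return conf
}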