
Add Join Perms back

master
Philip O'Toole 10 months ago
parent 3fe6e3f122
commit 66434caeb9

@ -18,6 +18,10 @@ const (
// PermAll means all actions permitted. // PermAll means all actions permitted.
PermAll = "all" PermAll = "all"
// PermJoin means user is permitted to join cluster.
PermJoin = "join"
// PermJoinReadOnly means user is permitted to join the cluster only as a read-only node
PermJoinReadOnly = "join-read-only"
// PermRemove means user is permitted to remove a node. // PermRemove means user is permitted to remove a node.
PermRemove = "remove" PermRemove = "remove"
// PermExecute means user can access execute endpoint. // PermExecute means user can access execute endpoint.
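Review bot: The doc comments for `PermJoin` and `PermJoinReadOnly` do not say how the two permissions relate. In the handleConn change of this same commit, a non-voter join is checked only against `PermJoinReadOnly`. Unless the credential store treats `join` as a superset (not visible here), a user granted only `join` would be refused when joining as a read-only node. I would make the scope explicit, e.g. `// PermJoin means user is permitted to join the cluster as a voting node.`, and end the `PermJoinReadOnly` comment with a period like its neighbours. The const block continues outside the hunk.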

@ -439,6 +439,8 @@ func (s *Service) handleConn(conn net.Conn) {
nr := c.GetNotifyRequest() nr := c.GetNotifyRequest()
if nr == nil { if nr == nil {
resp.Error = "NotifyRequest is nil" resp.Error = "NotifyRequest is nil"
} else if !s.checkCommandPermAll(c, auth.PermJoin) {
resp.Error = "unauthorized"
} else { } else {
if err := s.mgr.Notify(nr); err != nil { if err := s.mgr.Notify(nr); err != nil {
resp.Error = err.Error() resp.Error = err.Error()
@ -454,16 +456,21 @@ func (s *Service) handleConn(conn net.Conn) {
if jr == nil { if jr == nil {
resp.Error = "JoinRequest is nil" resp.Error = "JoinRequest is nil"
} else { } else {
if err := s.mgr.Join(jr); err != nil { if (jr.Voter && s.checkCommandPerm(c, auth.PermJoin)) ||
resp.Error = err.Error() (!jr.Voter && s.checkCommandPerm(c, auth.PermJoinReadOnly)) {
if err.Error() == "not leader" { if err := s.mgr.Join(jr); err != nil {
laddr, err := s.mgr.LeaderAddr() resp.Error = err.Error()
if err != nil { if err.Error() == "not leader" {
resp.Error = err.Error() laddr, err := s.mgr.LeaderAddr()
} else { if err != nil {
resp.Leader = laddr resp.Error = err.Error()
} else {
resp.Leader = laddr
}
} }
} }
} else {
resp.Error = "unauthorized"
} }
} }
marshalAndWrite(conn, resp) marshalAndWrite(conn, resp)
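Review bot: Both new refusal paths in handleConn only set `resp.Error = "unauthorized"`, and nothing in the visible lines records the event. This applies to the `!s.checkCommandPermAll(c, auth.PermJoin)` branch for Notify and the final `else` for Join. A rejected attempt to change cluster membership deserves a log line with `conn.RemoteAddr()` and whether a voter or read-only join was requested, so operators can tell a misconfigured node from repeated credential failures. Separately, Notify goes through `checkCommandPermAll` while Join uses `checkCommandPerm`. Neither helper is shown here, so either use one of them in both places or add a comment explaining why they differ. handleConn starts and ends outside these hunks, so logging may already happen elsewhere.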

@ -111,6 +111,9 @@ type Config struct {
// JoinInterval is the time between retrying failed join operations. // JoinInterval is the time between retrying failed join operations.
JoinInterval time.Duration JoinInterval time.Duration
// JoinAs sets the user join attempts should be performed as. May not be set.
JoinAs string
// BootstrapExpect is the minimum number of nodes required for a bootstrap. // BootstrapExpect is the minimum number of nodes required for a bootstrap.
BootstrapExpect int BootstrapExpect int
@ -441,6 +444,7 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) {
flag.StringVar(&config.JoinAddrs, "join", "", "Comma-delimited list of nodes, through which a cluster can be joined (proto://host:port)") flag.StringVar(&config.JoinAddrs, "join", "", "Comma-delimited list of nodes, through which a cluster can be joined (proto://host:port)")
flag.IntVar(&config.JoinAttempts, "join-attempts", 5, "Number of join attempts to make") flag.IntVar(&config.JoinAttempts, "join-attempts", 5, "Number of join attempts to make")
flag.DurationVar(&config.JoinInterval, "join-interval", 3*time.Second, "Period between join attempts") flag.DurationVar(&config.JoinInterval, "join-interval", 3*time.Second, "Period between join attempts")
flag.StringVar(&config.JoinAs, "join-as", "", "Username in authentication file to join as. If not set, joins anonymously")
flag.IntVar(&config.BootstrapExpect, "bootstrap-expect", 0, "Minimum number of nodes required for a bootstrap") flag.IntVar(&config.BootstrapExpect, "bootstrap-expect", 0, "Minimum number of nodes required for a bootstrap")
flag.DurationVar(&config.BootstrapExpectTimeout, "bootstrap-expect-timeout", 120*time.Second, "Maximum time for bootstrap process") flag.DurationVar(&config.BootstrapExpectTimeout, "bootstrap-expect-timeout", 120*time.Second, "Maximum time for bootstrap process")
flag.StringVar(&config.DiscoMode, "disco-mode", "", "Choose clustering discovery mode. If not set, no node discovery is performed") flag.StringVar(&config.DiscoMode, "disco-mode", "", "Choose clustering discovery mode. If not set, no node discovery is performed")
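Review bot: The new comment on `JoinAs` ends with "May not be set.", which reads as a prohibition rather than as "optional". The `-join-as` help text added in ParseFlags says an unset value means an anonymous join, so the field comment could say the same: `// JoinAs is the user join attempts are performed as. If empty, the node joins anonymously.` Since this commit also makes the cluster service enforce join permissions, an anonymous join presumably succeeds only where the target node's auth configuration grants join rights to unauthenticated callers. The credential store is not shown, so that is inferred, but it is worth stating in the help text or docs. Config and ParseFlags both continue outside the hunks, so I cannot see whether `JoinAs` is validated against the authentication file at startup.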
