-
Notifications
You must be signed in to change notification settings - Fork 29
/
opensearch_acls.go
151 lines (129 loc) · 4.81 KB
/
opensearch_acls.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
package aiven
import "context"
type (
// OpenSearchACLsHandler Aiven go-client handler for OpenSearch ACLs
OpenSearchACLsHandler struct {
client *Client
}
// OpenSearchACLRequest Aiven API request
// https://api.aiven.io/v1/project/<project>/service/<service_name>/opensearch/acl
OpenSearchACLRequest struct {
OpenSearchACLConfig OpenSearchACLConfig `json:"opensearch_acl_config"`
}
// OpenSearchACLResponse Aiven API response
// https://api.aiven.io/v1/project/<project>/service/<service_name>/opensearch/acl
OpenSearchACLResponse struct {
APIResponse
OpenSearchACLConfig OpenSearchACLConfig `json:"opensearch_acl_config"`
}
// OpenSearchACLConfig represents a configuration for OpenSearch ACLs
OpenSearchACLConfig struct {
ACLs []OpenSearchACL `json:"acls"`
Enabled bool `json:"enabled"`
ExtendedAcl bool `json:"extendedAcl"`
}
// OpenSearchACL represents a OpenSearch ACLs entry
OpenSearchACL struct {
Rules []OpenSearchACLRule `json:"rules"`
Username string `json:"username"`
}
// OpenSearchACLRule represents a OpenSearch ACLs Rule entry
OpenSearchACLRule struct {
Index string `json:"index"`
Permission string `json:"permission"`
}
)
// Update updates OpenSearch ACL config
func (h *OpenSearchACLsHandler) Update(ctx context.Context, project, service string, req OpenSearchACLRequest) (*OpenSearchACLResponse, error) {
path := buildPath("project", project, "service", service, "opensearch", "acl")
bts, err := h.client.doPutRequest(ctx, path, req)
if err != nil {
return nil, err
}
var r OpenSearchACLResponse
return &r, checkAPIResponse(bts, &r)
}
// Get gets all existing OpenSearch ACLs config
func (h *OpenSearchACLsHandler) Get(ctx context.Context, project, service string) (*OpenSearchACLResponse, error) {
path := buildPath("project", project, "service", service, "opensearch", "acl")
bts, err := h.client.doGetRequest(ctx, path, nil)
if err != nil {
return nil, err
}
var r OpenSearchACLResponse
return &r, checkAPIResponse(bts, &r)
}
// Delete removes the specified ACL from the existing OpenSearch ACLs config.
func (conf *OpenSearchACLConfig) Delete(ctx context.Context, acl OpenSearchACL) *OpenSearchACLConfig {
newACLs := []OpenSearchACL{} // Create a new slice to hold the updated list of ACLs.
// Iterate over each existing ACL entry.
for _, existingAcl := range conf.ACLs {
// If the ACL usernames match, we'll potentially modify the rules.
if acl.Username == existingAcl.Username {
newRules := []OpenSearchACLRule{} // Create a new slice to hold the updated list of rules.
// Check each existing rule against the rules in the ACL to be deleted.
for _, existingRule := range existingAcl.Rules {
match := false // Flag to track if the existing rule matches any rule in the ACL to be deleted.
for _, ruleToDelete := range acl.Rules {
if existingRule.Permission == ruleToDelete.Permission && existingRule.Index == ruleToDelete.Index {
match = true // The existing rule matches a rule in the ACL to be deleted.
break
}
}
// If the existing rule doesn't match any rule in the ACL to be deleted, add it to the new list.
if !match {
newRules = append(newRules, existingRule)
}
}
// If there are remaining rules after deletion, add the modified ACL to the new list.
if len(newRules) > 0 {
existingAcl.Rules = newRules
newACLs = append(newACLs, existingAcl)
}
} else {
// If the usernames don't match, directly add the existing ACL to the new list.
newACLs = append(newACLs, existingAcl)
}
}
// Replace the original list of ACLs with the updated list.
conf.ACLs = newACLs
return conf
}
// Add appends new ACL to the existing OpenSearch ACLs config.
func (conf *OpenSearchACLConfig) Add(acl OpenSearchACL) *OpenSearchACLConfig {
var userIndex int
userExists := false
// Iterate over the existing ACLs to identify duplicates and determine user existence.
for p, existingAcl := range conf.ACLs {
if acl.Username == existingAcl.Username {
userExists = true
userIndex = p
// Filter out any rules in the ACL to add that already exist for the user.
remainingRules := []OpenSearchACLRule{}
for _, rule := range acl.Rules {
exists := false
for _, existingRule := range existingAcl.Rules {
if rule.Permission == existingRule.Permission && rule.Index == existingRule.Index {
exists = true
break
}
}
if !exists {
remainingRules = append(remainingRules, rule)
}
}
acl.Rules = remainingRules
}
}
// If no rules remain for the user, return the existing configuration.
if len(acl.Rules) == 0 {
return conf
}
// Add the new or updated ACL to the config.
if userExists {
conf.ACLs[userIndex].Rules = append(conf.ACLs[userIndex].Rules, acl.Rules...)
} else {
conf.ACLs = append(conf.ACLs, acl)
}
return conf
}