-
Notifications
You must be signed in to change notification settings - Fork 28
/
elasticsearch_acls.go
159 lines (137 loc) · 5.19 KB
/
elasticsearch_acls.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
package aiven
import "context"
type (
// ElasticSearchACLsHandler Aiven go-client handler for Elastisearch ACLs
ElasticSearchACLsHandler struct {
client *Client
}
// ElasticsearchACLRequest Aiven API request
// https://api.aiven.io/v1/project/<project>/service/<service_name>/elasticsearch/acl
ElasticsearchACLRequest struct {
ElasticSearchACLConfig ElasticSearchACLConfig `json:"elasticsearch_acl_config"`
}
// ElasticSearchACLResponse Aiven API response
// https://api.aiven.io/v1/project/<project>/service/<service_name>/elasticsearch/acl
ElasticSearchACLResponse struct {
APIResponse
ElasticSearchACLConfig ElasticSearchACLConfig `json:"elasticsearch_acl_config"`
}
// ElasticSearchACLConfig represents a configuration for Elasticsearch ACLs
ElasticSearchACLConfig struct {
ACLs []ElasticSearchACL `json:"acls"`
Enabled bool `json:"enabled"`
ExtendedAcl bool `json:"extendedAcl"`
}
// ElasticSearchACL represents a ElasticSearch ACLs entry
ElasticSearchACL struct {
Rules []ElasticsearchACLRule `json:"rules"`
Username string `json:"username"`
}
// ElasticsearchACLRule represents a ElasticSearch ACLs Rule entry
ElasticsearchACLRule struct {
Index string `json:"index"`
Permission string `json:"permission"`
}
)
// Update updates Elasticsearch ACL config
//
// Deprecated: Use OpenSearchACLsHandler.Update instead.
func (h *ElasticSearchACLsHandler) Update(ctx context.Context, project, service string, req ElasticsearchACLRequest) (*ElasticSearchACLResponse, error) {
path := buildPath("project", project, "service", service, "elasticsearch", "acl")
bts, err := h.client.doPutRequest(ctx, path, req)
if err != nil {
return nil, err
}
var r ElasticSearchACLResponse
return &r, checkAPIResponse(bts, &r)
}
// Get gets all existing Elasticsearch ACLs config
//
// Deprecated: Use OpenSearchACLsHandler.Get instead.
func (h *ElasticSearchACLsHandler) Get(ctx context.Context, project, service string) (*ElasticSearchACLResponse, error) {
path := buildPath("project", project, "service", service, "elasticsearch", "acl")
bts, err := h.client.doGetRequest(ctx, path, nil)
if err != nil {
return nil, err
}
var r ElasticSearchACLResponse
return &r, checkAPIResponse(bts, &r)
}
// Delete removes the specified ACL from the existing ElasticSearch ACLs config.
//
// Deprecated: Use OpenSearchACLConfig.Delete instead.
func (conf *ElasticSearchACLConfig) Delete(ctx context.Context, acl ElasticSearchACL) *ElasticSearchACLConfig {
newACLs := []ElasticSearchACL{} // Create a new slice to hold the updated list of ACLs.
// Iterate over each existing ACL entry.
for _, existingAcl := range conf.ACLs {
// If the ACL usernames match, we'll potentially modify the rules.
if acl.Username == existingAcl.Username {
newRules := []ElasticsearchACLRule{} // Create a new slice to hold the updated list of rules.
// Check each existing rule against the rules in the ACL to be deleted.
for _, existingRule := range existingAcl.Rules {
match := false // Flag to track if the existing rule matches any rule in the ACL to be deleted.
for _, ruleToDelete := range acl.Rules {
if existingRule.Permission == ruleToDelete.Permission && existingRule.Index == ruleToDelete.Index {
match = true // The existing rule matches a rule in the ACL to be deleted.
break
}
}
// If the existing rule doesn't match any rule in the ACL to be deleted, add it to the new list.
if !match {
newRules = append(newRules, existingRule)
}
}
// If there are remaining rules after deletion, add the modified ACL to the new list.
if len(newRules) > 0 {
existingAcl.Rules = newRules
newACLs = append(newACLs, existingAcl)
}
} else {
// If the usernames don't match, directly add the existing ACL to the new list.
newACLs = append(newACLs, existingAcl)
}
}
// Replace the original list of ACLs with the updated list.
conf.ACLs = newACLs
return conf
}
// Add appends new ACL to the existing ElasticSearch ACLs config.
//
// Deprecated: Use OpenSearchACLConfig.Add instead.
func (conf *ElasticSearchACLConfig) Add(acl ElasticSearchACL) *ElasticSearchACLConfig {
var userIndex int
userExists := false
// Iterate over the existing ACLs to identify duplicates and determine user existence.
for p, existingAcl := range conf.ACLs {
if acl.Username == existingAcl.Username {
userExists = true
userIndex = p
// Filter out any rules in the ACL to add that already exist for the user.
remainingRules := []ElasticsearchACLRule{}
for _, rule := range acl.Rules {
exists := false
for _, existingRule := range existingAcl.Rules {
if rule.Permission == existingRule.Permission && rule.Index == existingRule.Index {
exists = true
break
}
}
if !exists {
remainingRules = append(remainingRules, rule)
}
}
acl.Rules = remainingRules
}
}
// If no rules remain for the user, return the existing configuration.
if len(acl.Rules) == 0 {
return conf
}
// Add the new or updated ACL to the config.
if userExists {
conf.ACLs[userIndex].Rules = append(conf.ACLs[userIndex].Rules, acl.Rules...)
} else {
conf.ACLs = append(conf.ACLs, acl)
}
return conf
}