update resources to common uri handling
This commit is contained in:
parent
37ed8bfa83
commit
1117882ced
@ -13,9 +13,11 @@ import (
|
||||
)
|
||||
|
||||
type UriSchemeValidator func(scheme string) bool
|
||||
type UriNormalize func() error
|
||||
|
||||
type Common struct {
|
||||
SchemeCheck UriSchemeValidator `json:"-" yaml:"-"`
|
||||
NormalizePath UriNormalize `json:"-" yaml:"-"`
|
||||
includeQueryParamsInURI bool `json:"-" yaml:"-"`
|
||||
resourceType TypeName `json:"-" yaml:"-"`
|
||||
Uri folio.URI `json:"uri,omitempty" yaml:"uri,omitempty"`
|
||||
@ -34,6 +36,7 @@ type Common struct {
|
||||
func NewCommon(resourceType TypeName, includeQueryParams bool) *Common {
|
||||
c := &Common{ includeQueryParamsInURI: includeQueryParams, resourceType: resourceType }
|
||||
c.SchemeCheck = c.IsValidResourceScheme
|
||||
c.NormalizePath = c.NormalizeFilePath
|
||||
return c
|
||||
}
|
||||
|
||||
@ -123,7 +126,7 @@ func (c *Common) ResolveId(ctx context.Context) string {
|
||||
return c.Path
|
||||
}
|
||||
|
||||
func (c *Common) NormalizePath() error {
|
||||
func (c *Common) NormalizeFilePath() error {
|
||||
if c.config != nil {
|
||||
if prefixPath, configErr := c.config.GetValue("prefix"); configErr == nil {
|
||||
c.Path = filepath.Join(prefixPath.(string), c.Path)
|
||||
|
@ -118,13 +118,15 @@ func NewContainerImage(containerClientApi ContainerImageClient) *ContainerImage
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
return &ContainerImage{
|
||||
Common: &Common{ includeQueryParamsInURI: true, resourceType: ContainerImageTypeName },
|
||||
c := &ContainerImage{
|
||||
Common: NewCommon(ContainerImageTypeName, true),
|
||||
apiClient: apiClient,
|
||||
InjectJX: true,
|
||||
PushImage: false,
|
||||
ConverterTypes: folio.DocumentRegistry.ConverterTypes,
|
||||
}
|
||||
c.Common.NormalizePath = c.NormalizePath
|
||||
return c
|
||||
}
|
||||
|
||||
func (c *ContainerImage) RegistryAuthConfig() (authConfig registry.AuthConfig, err error) {
|
||||
@ -175,6 +177,10 @@ func (c *ContainerImage) RegistryAuth() (string, error) {
|
||||
}
|
||||
}
|
||||
|
||||
func (c *ContainerImage) NormalizePath() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *ContainerImage) SetResourceMapper(resources data.ResourceMapper) {
|
||||
c.Resources = resources
|
||||
}
|
||||
|
@ -62,7 +62,7 @@ func init() {
|
||||
})
|
||||
}
|
||||
|
||||
func NewContainerNetwork(containerClientApi ContainerNetworkClient) *ContainerNetwork {
|
||||
func NewContainerNetwork(containerClientApi ContainerNetworkClient) (cn *ContainerNetwork) {
|
||||
var apiClient ContainerNetworkClient = containerClientApi
|
||||
if apiClient == nil {
|
||||
var err error
|
||||
@ -71,10 +71,16 @@ func NewContainerNetwork(containerClientApi ContainerNetworkClient) *ContainerNe
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
return &ContainerNetwork{
|
||||
Common: &Common{ includeQueryParamsInURI: true, resourceType: ContainerNetworkTypeName },
|
||||
cn = &ContainerNetwork{
|
||||
apiClient: apiClient,
|
||||
}
|
||||
cn.Common = NewCommon(ContainerNetworkTypeName, true)
|
||||
cn.Common.NormalizePath = cn.NormalizePath
|
||||
return cn
|
||||
}
|
||||
|
||||
func (n *ContainerNetwork) NormalizePath() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (n *ContainerNetwork) SetResourceMapper(resources data.ResourceMapper) {
|
||||
|
@ -135,10 +135,17 @@ func NewNormalizedFile() *File {
|
||||
}
|
||||
|
||||
func (f *File) ContentType() string {
|
||||
if f.parsedURI.Scheme != "file" {
|
||||
return f.parsedURI.Scheme
|
||||
}
|
||||
return f.exttype
|
||||
var ext strings.Builder
|
||||
if f.parsedURI.Scheme != "file" {
|
||||
return f.parsedURI.Scheme
|
||||
}
|
||||
if f.fileext == "" {
|
||||
return f.exttype
|
||||
}
|
||||
ext.WriteString(f.exttype)
|
||||
ext.WriteRune('.')
|
||||
ext.WriteString(f.fileext)
|
||||
return ext.String()
|
||||
}
|
||||
|
||||
func (f *File) SetResourceMapper(resources data.ResourceMapper) {
|
||||
@ -215,6 +222,17 @@ func (f *File) Notify(m *machine.EventMessage) {
|
||||
f.State = "absent"
|
||||
panic(e)
|
||||
}
|
||||
case "start_update":
|
||||
if updateErr := f.Update(ctx); updateErr == nil {
|
||||
if triggerErr := f.stater.Trigger("updated"); triggerErr == nil {
|
||||
return
|
||||
} else {
|
||||
f.State = "absent"
|
||||
}
|
||||
} else {
|
||||
f.State = "absent"
|
||||
panic(updateErr)
|
||||
}
|
||||
case "start_delete":
|
||||
if deleteErr := f.Delete(ctx); deleteErr == nil {
|
||||
if triggerErr := f.StateMachine().Trigger("deleted"); triggerErr == nil {
|
||||
|
@ -27,8 +27,9 @@ type decodeGroup Group
|
||||
type GroupType string
|
||||
|
||||
const (
|
||||
GroupTypeAddGroup = "addgroup"
|
||||
GroupTypeGroupAdd = "groupadd"
|
||||
GroupTypeName TypeName = "group"
|
||||
GroupTypeAddGroup GroupType = "addgroup"
|
||||
GroupTypeGroupAdd GroupType = "groupadd"
|
||||
)
|
||||
|
||||
var ErrUnsupportedGroupType error = errors.New("The GroupType is not supported on this system")
|
||||
@ -47,13 +48,17 @@ type Group struct {
|
||||
ReadCommand *command.Command `json:"-" yaml:"-"`
|
||||
UpdateCommand *command.Command `json:"-" yaml:"-"`
|
||||
DeleteCommand *command.Command `json:"-" yaml:"-"`
|
||||
State string `json:"state,omitempty" yaml:"state,omitempty"`
|
||||
//State string `json:"state,omitempty" yaml:"state,omitempty"`
|
||||
config data.ConfigurationValueGetter
|
||||
Resources data.ResourceMapper `json:"-" yaml:"-"`
|
||||
groupStatus *user.Group `json:"-" yaml:"-"`
|
||||
}
|
||||
|
||||
func NewGroup() *Group {
|
||||
return &Group{}
|
||||
func NewGroup() (g *Group) {
|
||||
g = &Group{}
|
||||
g.Common = NewCommon(GroupTypeName, true)
|
||||
g.Common.NormalizePath = g.NormalizePath
|
||||
return
|
||||
}
|
||||
|
||||
func init() {
|
||||
@ -82,15 +87,19 @@ func FindSystemGroupType() GroupType {
|
||||
return GroupTypeAddGroup
|
||||
}
|
||||
|
||||
func (g *Group) NormalizePath() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (g *Group) SetResourceMapper(resources data.ResourceMapper) {
|
||||
g.Resources = resources
|
||||
}
|
||||
|
||||
func (g *Group) Clone() data.Resource {
|
||||
newg := &Group {
|
||||
Common: g.Common,
|
||||
Name: g.Name,
|
||||
GID: g.GID,
|
||||
State: g.State,
|
||||
GroupType: g.GroupType,
|
||||
}
|
||||
newg.CreateCommand, newg.ReadCommand, newg.UpdateCommand, newg.DeleteCommand = g.GroupType.NewCRUD()
|
||||
@ -109,15 +118,53 @@ func (g *Group) Notify(m *machine.EventMessage) {
|
||||
switch m.On {
|
||||
case machine.ENTERSTATEEVENT:
|
||||
switch m.Dest {
|
||||
case "start_stat":
|
||||
if statErr := g.ReadStat(); statErr == nil {
|
||||
if triggerErr := g.StateMachine().Trigger("exists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if triggerErr := g.StateMachine().Trigger("notexists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
case "start_read":
|
||||
if _,readErr := g.Read(ctx); readErr == nil {
|
||||
if triggerErr := g.StateMachine().Trigger("state_read"); triggerErr == nil {
|
||||
return
|
||||
} else {
|
||||
g.Common.State = "absent"
|
||||
panic(triggerErr)
|
||||
}
|
||||
} else {
|
||||
g.Common.State = "absent"
|
||||
panic(readErr)
|
||||
}
|
||||
case "start_create":
|
||||
if e := g.Create(ctx); e == nil {
|
||||
if triggerErr := g.stater.Trigger("created"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
g.State = "absent"
|
||||
case "present":
|
||||
g.State = "present"
|
||||
g.Common.State = "absent"
|
||||
|
||||
|
||||
case "start_update":
|
||||
if updateErr := g.Update(ctx); updateErr == nil {
|
||||
if triggerErr := g.stater.Trigger("updated"); triggerErr == nil {
|
||||
return
|
||||
} else {
|
||||
g.Common.State = "absent"
|
||||
}
|
||||
} else {
|
||||
g.Common.State = "absent"
|
||||
panic(updateErr)
|
||||
}
|
||||
|
||||
case "absent":
|
||||
g.Common.State = "absent"
|
||||
case "present", "created", "read":
|
||||
g.Common.State = "present"
|
||||
}
|
||||
case machine.EXITSTATEEVENT:
|
||||
}
|
||||
@ -153,7 +200,7 @@ func (g *Group) Validate() error {
|
||||
|
||||
func (g *Group) Apply() error {
|
||||
ctx := context.Background()
|
||||
switch g.State {
|
||||
switch g.Common.State {
|
||||
case "present":
|
||||
_, NoGroupExists := LookupGID(g.Name)
|
||||
if NoGroupExists != nil {
|
||||
@ -198,10 +245,26 @@ func (g *Group) Create(ctx context.Context) (error) {
|
||||
return e
|
||||
}
|
||||
|
||||
func (g *Group) ReadStat() (err error) {
|
||||
if g.groupStatus == nil {
|
||||
if g.groupStatus, err = user.LookupGroup(g.Name); err != nil {
|
||||
g.Common.State = "absent"
|
||||
return err
|
||||
}
|
||||
}
|
||||
if len(g.groupStatus.Gid) < 1 {
|
||||
g.Common.State = "absent"
|
||||
return ErrResourceStateAbsent
|
||||
}
|
||||
g.GID = g.groupStatus.Gid
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
func (g *Group) Read(ctx context.Context) ([]byte, error) {
|
||||
exErr := g.ReadCommand.Extractor(nil, g)
|
||||
if exErr != nil {
|
||||
g.State = "absent"
|
||||
g.Common.State = "absent"
|
||||
}
|
||||
if yaml, yamlErr := yaml.Marshal(g); yamlErr != nil {
|
||||
return yaml, yamlErr
|
||||
@ -210,8 +273,9 @@ func (g *Group) Read(ctx context.Context) ([]byte, error) {
|
||||
}
|
||||
}
|
||||
|
||||
func (g *Group) Update(ctx context.Context) (error) {
|
||||
return g.Create(ctx)
|
||||
func (g *Group) Update(ctx context.Context) (err error) {
|
||||
_, err = g.UpdateCommand.Execute(g)
|
||||
return
|
||||
}
|
||||
|
||||
func (g *Group) Delete(ctx context.Context) (error) {
|
||||
@ -345,7 +409,7 @@ func NewGroupReadCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Extractor = func(out []byte, target any) error {
|
||||
g := target.(*Group)
|
||||
g.State = "absent"
|
||||
g.Common.State = "absent"
|
||||
var readGroup *user.Group
|
||||
var e error
|
||||
if g.Name != "" {
|
||||
@ -360,7 +424,7 @@ func NewGroupReadCommand() *command.Command {
|
||||
g.Name = readGroup.Name
|
||||
g.GID = readGroup.Gid
|
||||
if g.GID != "" {
|
||||
g.State = "present"
|
||||
g.Common.State = "present"
|
||||
}
|
||||
}
|
||||
return e
|
||||
@ -369,7 +433,17 @@ func NewGroupReadCommand() *command.Command {
|
||||
}
|
||||
|
||||
func NewGroupUpdateCommand() *command.Command {
|
||||
return nil
|
||||
c := command.NewCommand()
|
||||
c.Path = "addgroup"
|
||||
c.FailOnError = false
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("{{ if .GID }}-g {{ .GID }}{{ end }}"),
|
||||
command.CommandArg("{{ .Name }}"),
|
||||
}
|
||||
c.Extractor = func(out []byte, target any) error {
|
||||
return nil
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func NewGroupDelDeleteCommand() *command.Command {
|
||||
@ -416,7 +490,7 @@ func NewReadGroupsCommand() *command.Command {
|
||||
g := (*Groups)[lineIndex]
|
||||
g.Name = groupRecord[0]
|
||||
g.GID = groupRecord[2]
|
||||
g.State = "present"
|
||||
g.Common.State = "present"
|
||||
g.GroupType = SystemGroupType
|
||||
lineIndex++
|
||||
}
|
||||
|
@ -102,17 +102,26 @@ type HTTP struct {
|
||||
}
|
||||
|
||||
func NewHTTP() *HTTP {
|
||||
h := &HTTP{ client: &http.Client{}, Common: &Common{ includeQueryParamsInURI: true, resourceType: HTTPTypeName, SchemeCheck: func(scheme string) bool {
|
||||
switch scheme {
|
||||
case "http", "https":
|
||||
return true
|
||||
}
|
||||
return false
|
||||
} } }
|
||||
h := &HTTP{ client: &http.Client{} }
|
||||
h.Common = NewCommon(HTTPTypeName, true)
|
||||
h.Common.SchemeCheck = h.SchemeCheck
|
||||
h.Common.NormalizePath = h.NormalizePath
|
||||
slog.Info("NewHTTP()", "http", h)
|
||||
return h
|
||||
}
|
||||
|
||||
func (h *HTTP) SchemeCheck(scheme string) bool {
|
||||
switch scheme {
|
||||
case "http", "https":
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (h *HTTP) NormalizePath() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (h *HTTP) SetResourceMapper(resources data.ResourceMapper) {
|
||||
h.Resources = resources
|
||||
}
|
||||
@ -266,11 +275,13 @@ func (h *HTTP) ContentSourceRefStat() (info fs.FileInfo) {
|
||||
}
|
||||
|
||||
func (h *HTTP) ReadStat() (err error) {
|
||||
|
||||
if h.reader == nil {
|
||||
if err = h.OpenGetter(); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
var info fs.FileInfo
|
||||
info, err = h.reader.Stat()
|
||||
|
||||
|
@ -41,7 +41,7 @@ func init() {
|
||||
} else {
|
||||
i.ResourceType = IptableTypeRule
|
||||
id, _ := strconv.ParseUint(fields[1], 10, 32)
|
||||
i.Id = uint(id)
|
||||
i.SetId(uint(id))
|
||||
}
|
||||
}
|
||||
i.CreateCommand, i.ReadCommand, i.UpdateCommand, i.DeleteCommand = i.ResourceType.NewCRUD()
|
||||
@ -72,9 +72,9 @@ var IptableNumber = regexp.MustCompile(`^[0-9]+$`)
|
||||
type IptableChain string
|
||||
|
||||
const (
|
||||
IptableChainInput = "INPUT"
|
||||
IptableChainOutput = "OUTPUT"
|
||||
IptableChainForward = "FORWARD"
|
||||
IptableChainInput = "INPUT"
|
||||
IptableChainOutput = "OUTPUT"
|
||||
IptableChainForward = "FORWARD"
|
||||
IptableChainPreRouting = "PREROUTING"
|
||||
IptableChainPostRouting = "POSTROUTING"
|
||||
)
|
||||
@ -101,6 +101,8 @@ type ExtensionFlag struct {
|
||||
Value string `json:"value" yaml:"value"`
|
||||
}
|
||||
|
||||
type TargetFlag ExtensionFlag
|
||||
|
||||
type IptablePort uint16
|
||||
|
||||
type IptableType string
|
||||
@ -110,6 +112,8 @@ const (
|
||||
IptableTypeChain = "chain"
|
||||
)
|
||||
|
||||
type IptableRule string
|
||||
|
||||
var (
|
||||
ErrInvalidIptableName error = errors.New("The IptableName is not a valid table")
|
||||
)
|
||||
@ -117,32 +121,33 @@ var (
|
||||
// Manage the state of iptables rules
|
||||
// iptable://filter/INPUT/0
|
||||
type Iptable struct {
|
||||
*Common `json:",inline" yaml:",inline"`
|
||||
stater machine.Stater `json:"-" yaml:"-"`
|
||||
parsedURI *url.URL `json:"-" yaml:"-"`
|
||||
Id uint `json:"id,omitempty" yaml:"id,omitempty"`
|
||||
Table IptableName `json:"table" yaml:"table"`
|
||||
Chain IptableChain `json:"chain" yaml:"chain"`
|
||||
Destination IptableCIDR `json:"destination,omitempty" yaml:"destination,omitempty"`
|
||||
Source IptableCIDR `json:"source,omitempty" yaml:"source,omitempty"`
|
||||
Dport IptablePort `json:"dport,omitempty" yaml:"dport,omitempty"`
|
||||
Sport IptablePort `json:"sport,omitempty" yaml:"sport,omitempty"`
|
||||
In string `json:"in,omitempty" yaml:"in,omitempty"`
|
||||
Out string `json:"out,omitempty" yaml:"out,omitempty"`
|
||||
Match []string `json:"match,omitempty" yaml:"match,omitempty"`
|
||||
Flags []ExtensionFlag `json:"extension_flags,omitempty" yaml:"extension_flags,omitempty"`
|
||||
Proto IptableProto `json:"proto,omitempty" yaml:"proto,omitempty"`
|
||||
Jump string `json:"jump,omitempty" yaml:"jump,omitempty"`
|
||||
ChainLength uint `json:"-" yaml:"-"`
|
||||
*Common `json:",inline" yaml:",inline"`
|
||||
stater machine.Stater `json:"-" yaml:"-"`
|
||||
Id uint `json:"id,omitempty" yaml:"id,omitempty"`
|
||||
Table IptableName `json:"table" yaml:"table"`
|
||||
Chain IptableChain `json:"chain" yaml:"chain"`
|
||||
Destination IptableCIDR `json:"destination,omitempty" yaml:"destination,omitempty"`
|
||||
Source IptableCIDR `json:"source,omitempty" yaml:"source,omitempty"`
|
||||
Dport IptablePort `json:"dport,omitempty" yaml:"dport,omitempty"`
|
||||
Sport IptablePort `json:"sport,omitempty" yaml:"sport,omitempty"`
|
||||
In string `json:"in,omitempty" yaml:"in,omitempty"`
|
||||
Out string `json:"out,omitempty" yaml:"out,omitempty"`
|
||||
Match []string `json:"match,omitempty" yaml:"match,omitempty"`
|
||||
Flags []ExtensionFlag `json:"extension_flags,omitempty" yaml:"extension_flags,omitempty"`
|
||||
Proto IptableProto `json:"proto,omitempty" yaml:"proto,omitempty"`
|
||||
Jump string `json:"jump,omitempty" yaml:"jump,omitempty"`
|
||||
TargetFlags []TargetFlag `json:"target_flags,omitempty" yaml:"target_flags,omitempty"`
|
||||
ChainLength uint `json:"-" yaml:"-"`
|
||||
|
||||
ResourceType IptableType `json:"resourcetype,omitempty" yaml:"resourcetype,omitempty"`
|
||||
CreateCommand *command.Command `yaml:"-" json:"-"`
|
||||
ReadCommand *command.Command `yaml:"-" json:"-"`
|
||||
UpdateCommand *command.Command `yaml:"-" json:"-"`
|
||||
DeleteCommand *command.Command `yaml:"-" json:"-"`
|
||||
ResourceType IptableType `json:"resourcetype,omitempty" yaml:"resourcetype,omitempty"`
|
||||
CreateCommand *command.Command `yaml:"-" json:"-"`
|
||||
ReadCommand *command.Command `yaml:"-" json:"-"`
|
||||
ReadChainCommand *command.Command `yaml:"-" json:"-"`
|
||||
UpdateCommand *command.Command `yaml:"-" json:"-"`
|
||||
DeleteCommand *command.Command `yaml:"-" json:"-"`
|
||||
|
||||
config data.ConfigurationValueGetter
|
||||
Resources data.ResourceMapper `yaml:"-" json:"-"`
|
||||
config data.ConfigurationValueGetter
|
||||
Resources data.ResourceMapper `yaml:"-" json:"-"`
|
||||
}
|
||||
|
||||
|
||||
@ -155,10 +160,13 @@ func (n IptableName) Validate() error {
|
||||
}
|
||||
}
|
||||
|
||||
func NewIptable() *Iptable {
|
||||
i := &Iptable{ ResourceType: IptableTypeRule, Common: &Common{ resourceType: IptableTypeName } }
|
||||
func NewIptable() (i *Iptable) {
|
||||
i = &Iptable{ ResourceType: IptableTypeRule }
|
||||
i.Common = NewCommon(IptableTypeName, false)
|
||||
i.Common.NormalizePath = i.NormalizePath
|
||||
i.CreateCommand, i.ReadCommand, i.UpdateCommand, i.DeleteCommand = i.ResourceType.NewCRUD()
|
||||
return i
|
||||
i.ReadChainCommand = NewIptableChainReadCommand()
|
||||
return
|
||||
}
|
||||
|
||||
func (i *Iptable) SetResourceMapper(resources data.ResourceMapper) {
|
||||
@ -195,51 +203,126 @@ func (i *Iptable) Notify(m *machine.EventMessage) {
|
||||
switch m.On {
|
||||
case machine.ENTERSTATEEVENT:
|
||||
switch m.Dest {
|
||||
case "start_create":
|
||||
if e := i.Create(ctx); e == nil {
|
||||
if triggerErr := i.stater.Trigger("created"); triggerErr == nil {
|
||||
case "start_stat":
|
||||
if statErr := i.ReadStat(ctx); statErr == nil {
|
||||
if triggerErr := i.StateMachine().Trigger("exists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if triggerErr := i.StateMachine().Trigger("notexists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
i.Common.State = "absent"
|
||||
case "present":
|
||||
case "start_read":
|
||||
if _,readErr := i.Read(ctx); readErr == nil {
|
||||
if triggerErr := i.stater.Trigger("state_read"); triggerErr == nil {
|
||||
return
|
||||
} else {
|
||||
i.Common.State = "absent"
|
||||
panic(triggerErr)
|
||||
}
|
||||
} else {
|
||||
i.Common.State = "absent"
|
||||
panic(readErr)
|
||||
}
|
||||
case "start_create":
|
||||
if createErr := i.Create(ctx); createErr == nil {
|
||||
if triggerErr := i.stater.Trigger("created"); triggerErr == nil {
|
||||
slog.Info("ContainerImage.Notify()", "created", i, "error", triggerErr)
|
||||
return
|
||||
} else {
|
||||
slog.Info("ContainerImage.Notify()", "created", i, "error", triggerErr)
|
||||
i.Common.State = "absent"
|
||||
panic(triggerErr)
|
||||
}
|
||||
} else {
|
||||
i.Common.State = "absent"
|
||||
panic(createErr)
|
||||
}
|
||||
case "start_update":
|
||||
if createErr := i.Update(ctx); createErr == nil {
|
||||
if triggerErr := i.stater.Trigger("updated"); triggerErr == nil {
|
||||
return
|
||||
} else {
|
||||
i.Common.State = "absent"
|
||||
}
|
||||
} else {
|
||||
i.Common.State = "absent"
|
||||
panic(createErr)
|
||||
}
|
||||
case "start_delete":
|
||||
if deleteErr := i.Delete(ctx); deleteErr == nil {
|
||||
if triggerErr := i.stater.Trigger("deleted"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
panic(deleteErr)
|
||||
}
|
||||
case "present", "created", "read":
|
||||
i.Common.State = "present"
|
||||
case "absent":
|
||||
i.Common.State = "absent"
|
||||
}
|
||||
case machine.EXITSTATEEVENT:
|
||||
}
|
||||
}
|
||||
|
||||
// Set the chain ID and update the mapped URI
|
||||
func (i *Iptable) SetId(id uint) {
|
||||
if i.Id != id {
|
||||
uri := i.URI()
|
||||
i.Id = id
|
||||
decl, ok := i.Resources.Get(uri)
|
||||
if ok {
|
||||
i.Resources.Delete(uri)
|
||||
}
|
||||
i.Resources.Set(i.URI(), decl)
|
||||
}
|
||||
}
|
||||
|
||||
func (i *Iptable) URI() string {
|
||||
return fmt.Sprintf("iptable://%s/%s/%d", i.Table, i.Chain, i.Id)
|
||||
}
|
||||
|
||||
func (i *Iptable) SetURI(uri string) (err error) {
|
||||
i.parsedURI, err = url.Parse(uri)
|
||||
if err == nil {
|
||||
fields := strings.FieldsFunc(i.parsedURI.Path, func(c rune) bool { return c == '/' })
|
||||
fieldsLen := len(fields)
|
||||
if i.parsedURI.Scheme == "iptable" && fieldsLen > 0 {
|
||||
i.Table = IptableName(i.parsedURI.Hostname())
|
||||
if err = i.Table.Validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
i.Chain = IptableChain(fields[0])
|
||||
if fieldsLen < 2 {
|
||||
i.ResourceType = IptableTypeChain
|
||||
} else {
|
||||
i.ResourceType = IptableTypeRule
|
||||
id, _ := strconv.ParseUint(fields[1], 10, 32)
|
||||
i.Id = uint(id)
|
||||
}
|
||||
} else {
|
||||
err = fmt.Errorf("%w: %s is not an iptable rule", ErrInvalidResourceURI, uri)
|
||||
}
|
||||
|
||||
func (i *Iptable) SetParsedURI(uri *url.URL) (err error) {
|
||||
if err = i.Common.SetParsedURI(uri); err == nil {
|
||||
i.setFieldsFromPath()
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (i *Iptable) UseConfig(config data.ConfigurationValueGetter) {
|
||||
i.config = config
|
||||
func (i *Iptable) NormalizePath() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (i *Iptable) setFieldsFromPath() (err error) {
|
||||
fields := strings.FieldsFunc(i.Common.Path, func(c rune) bool { return c == '/' })
|
||||
fieldsLen := len(fields)
|
||||
if fieldsLen > 0 {
|
||||
i.Table = IptableName(fields[0])
|
||||
if err = i.Table.Validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
i.Chain = IptableChain(fields[1])
|
||||
if fieldsLen < 3 {
|
||||
i.ResourceType = IptableTypeChain
|
||||
} else {
|
||||
i.ResourceType = IptableTypeRule
|
||||
id, _ := strconv.ParseUint(fields[1], 10, 32)
|
||||
i.Id = uint(id)
|
||||
}
|
||||
} else {
|
||||
err = fmt.Errorf("%w: %s is not an iptable rule", ErrInvalidResourceURI, i.Common.Uri)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (i *Iptable) SetURI(uri string) (err error) {
|
||||
if err = i.Common.SetURI(uri); err == nil {
|
||||
err = i.setFieldsFromPath()
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (i *Iptable) Validate() error {
|
||||
@ -316,6 +399,46 @@ func (i *Iptable) ResolveId(ctx context.Context) string {
|
||||
return fmt.Sprintf("%d", i.Id)
|
||||
}
|
||||
|
||||
func (f *ExtensionFlag) Match(name string, value string) bool {
|
||||
start := 0
|
||||
if name[1] == '-' {
|
||||
start = 2
|
||||
} else if name[0] == '-' {
|
||||
start = 1
|
||||
}
|
||||
return f.Name == name[start:] && f.Value == value
|
||||
}
|
||||
|
||||
func (i *Iptable) HasExtensionFlag(name string) bool {
|
||||
optName := strings.Trim(name, "-")
|
||||
for _, ext := range i.Flags {
|
||||
if ext.Name == optName {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (i *Iptable) HasTargetFlag(name string) bool {
|
||||
optName := strings.Trim(name, "-")
|
||||
for _, ext := range i.TargetFlags {
|
||||
if ext.Name == optName {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (f *TargetFlag) Match(name string, value string) bool {
|
||||
start := 0
|
||||
if name[1] == '-' {
|
||||
start = 2
|
||||
} else if name[0] == '-' {
|
||||
start = 1
|
||||
}
|
||||
return f.Name == name[start:] && f.Value == value
|
||||
}
|
||||
|
||||
func (i *Iptable) SetFlagValue(opt, value string) bool {
|
||||
switch opt {
|
||||
case "-i":
|
||||
@ -353,10 +476,14 @@ func (i *Iptable) SetFlagValue(opt, value string) bool {
|
||||
i.Sport = IptablePort(port)
|
||||
return true
|
||||
default:
|
||||
if opt[0] == '-' {
|
||||
i.Flags = append(i.Flags, ExtensionFlag{ Name: strings.Trim(opt, "-"), Value: strings.TrimSpace(value)})
|
||||
if opt[0] == '-' {
|
||||
if len(i.Jump) > 0 {
|
||||
i.TargetFlags = append(i.TargetFlags, TargetFlag{ Name: strings.Trim(opt, "-"), Value: strings.TrimSpace(value)})
|
||||
} else {
|
||||
i.Flags = append(i.Flags, ExtensionFlag{ Name: strings.Trim(opt, "-"), Value: strings.TrimSpace(value)})
|
||||
}
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
@ -382,9 +509,15 @@ func (i *Iptable) GetFlagValue(opt string) any {
|
||||
case "--sport":
|
||||
return strconv.Itoa(int(i.Sport))
|
||||
default:
|
||||
if opt[0] == '-' {
|
||||
return i.Flags
|
||||
}
|
||||
if opt[0] == '-' {
|
||||
slog.Info("Iptable.GetFlagValue()", "opt", opt, "iptable", i)
|
||||
if i.HasExtensionFlag(opt) {
|
||||
return i.Flags
|
||||
}
|
||||
if i.HasTargetFlag(opt) {
|
||||
return i.TargetFlags
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@ -407,9 +540,11 @@ func (i *Iptable) SetRule(flags []string) (assigned bool) {
|
||||
|
||||
func (i *Iptable) MatchRule(flags []string) (match bool) {
|
||||
match = true
|
||||
next:
|
||||
for index, flag := range flags {
|
||||
if flag[0] == '-' {
|
||||
value := flags[index + 1]
|
||||
slog.Info("Iptable.MatchRule()", "flag", flag, "value", value)
|
||||
switch v := i.GetFlagValue(flag).(type) {
|
||||
case []string:
|
||||
for _,element := range v {
|
||||
@ -417,48 +552,57 @@ func (i *Iptable) MatchRule(flags []string) (match bool) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
slog.Info("Iptable.MatchRule() - FAILED", "flag", flag, "value", v)
|
||||
match = false
|
||||
case []ExtensionFlag:
|
||||
for _,element := range v {
|
||||
if element.Name == flag && element.Value == value {
|
||||
continue
|
||||
if element.Match(flag, value) {
|
||||
continue next
|
||||
}
|
||||
}
|
||||
slog.Info("Iptable.MatchRule() - FAILED", "flag", flag, "value", v)
|
||||
match = false
|
||||
case []TargetFlag:
|
||||
for _,element := range v {
|
||||
if element.Match(flag, value) {
|
||||
continue next
|
||||
}
|
||||
}
|
||||
slog.Info("Iptable.MatchRule() - FAILED", "flag", flag, "value", v)
|
||||
match = false
|
||||
case IptableCIDR:
|
||||
if v == IptableCIDR(value) {
|
||||
continue
|
||||
}
|
||||
slog.Info("Iptable.MatchRule() - FAILED", "flag", flag, "value", v)
|
||||
match = false
|
||||
case IptableName:
|
||||
if v == IptableName(value) {
|
||||
continue
|
||||
}
|
||||
slog.Info("Iptable.MatchRule() - FAILED", "flag", flag, "value", v)
|
||||
match = false
|
||||
case IptableChain:
|
||||
if v == IptableChain(value) {
|
||||
continue
|
||||
}
|
||||
slog.Info("Iptable.MatchRule() - FAILED", "flag", flag, "value", v)
|
||||
match = false
|
||||
default:
|
||||
if v.(string) == value {
|
||||
continue
|
||||
}
|
||||
slog.Info("Iptable.MatchRule() - FAILED", "flag", flag, "value", v)
|
||||
match = false
|
||||
}
|
||||
}
|
||||
}
|
||||
slog.Info("Iptable.MatchRule()", "flags", flags, "match", match)
|
||||
return
|
||||
}
|
||||
|
||||
func (i *Iptable) ReadChainLength() error {
|
||||
c := command.NewCommand()
|
||||
c.Path = "iptables"
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("-S"),
|
||||
command.CommandArg("{{ .Chain }}"),
|
||||
}
|
||||
output,err := c.Execute(i)
|
||||
output,err := i.ReadChainCommand.Execute(i)
|
||||
if err == nil {
|
||||
linesCount := strings.Count(string(output), "\n")
|
||||
if linesCount > 0 {
|
||||
@ -470,13 +614,16 @@ func (i *Iptable) ReadChainLength() error {
|
||||
return err
|
||||
}
|
||||
|
||||
func (i *Iptable) Create(ctx context.Context) error {
|
||||
func (i *Iptable) Create(ctx context.Context) (err error) {
|
||||
slog.Info("Iptable.Create()", "iptable", i)
|
||||
if i.Id > 0 {
|
||||
if lenErr := i.ReadChainLength(); lenErr != nil {
|
||||
return lenErr
|
||||
}
|
||||
}
|
||||
_, err := i.CreateCommand.Execute(i)
|
||||
|
||||
_, err = i.CreateCommand.Execute(i)
|
||||
slog.Info("Iptable.Create()", "err", err, "iptable", i, "createcommand", i.CreateCommand)
|
||||
//slog.Info("IptableChain Create()", "err", err, "errstr", err.Error(), "iptable", i, "createcommand", i.CreateCommand)
|
||||
// TODO add Command status/error handler rather than using the read extractor
|
||||
if i.CreateCommand.Extractor != nil {
|
||||
@ -484,7 +631,20 @@ func (i *Iptable) Create(ctx context.Context) error {
|
||||
return i.CreateCommand.Extractor([]byte(err.Error()), i)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
return err
|
||||
}
|
||||
|
||||
func (i *Iptable) ReadStat(ctx context.Context) (err error) {
|
||||
if i.ReadCommand.Exists() {
|
||||
var out []byte
|
||||
if out, err = i.ReadCommand.Execute(i); err == nil {
|
||||
err = i.ReadCommand.Extractor(out, i)
|
||||
}
|
||||
}
|
||||
if i.Id == 0 {
|
||||
return ErrResourceStateAbsent
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (i *Iptable) Read(ctx context.Context) ([]byte, error) {
|
||||
@ -503,8 +663,15 @@ func (i *Iptable) Update(ctx context.Context) error {
|
||||
return i.Create(ctx)
|
||||
}
|
||||
|
||||
func (i *Iptable) Delete(ctx context.Context) error {
|
||||
return nil
|
||||
func (i *Iptable) Delete(ctx context.Context) (err error) {
|
||||
if i.Id < 1 {
|
||||
return fmt.Errorf("Failed to find rule to delete")
|
||||
}
|
||||
var out []byte
|
||||
if out, err = i.DeleteCommand.Execute(i); err == nil {
|
||||
err = i.DeleteCommand.Extractor(out, i)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (i *Iptable) Type() string { return "iptable" }
|
||||
@ -552,9 +719,7 @@ func NewIptableCreateCommand() *command.Command {
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("-t"),
|
||||
command.CommandArg("{{ .Table }}"),
|
||||
command.CommandArg("{{ if le .Id .ChainLength }}-R{{ else }}-A{{ end }}"),
|
||||
command.CommandArg("{{ .Chain }}"),
|
||||
command.CommandArg("{{ if le .Id .ChainLength }}{{ .Id }}{{ end }}"),
|
||||
command.CommandArg("{{ if and (le .Id .ChainLength) (gt .Id 0) }}-R {{ .Chain }} {{ .Id }}{{ else }}-A {{ .Chain }}{{ end }}"),
|
||||
command.CommandArg("{{ if .In }}-i {{ .In }}{{ else if .Out }}-o {{ .Out }}{{ end }}"),
|
||||
command.CommandArg("{{ range .Match }}-m {{ . }} {{- end }}"),
|
||||
command.CommandArg("{{ if .Source }}-s {{ .Source }}{{ end }}"),
|
||||
@ -562,8 +727,9 @@ func NewIptableCreateCommand() *command.Command {
|
||||
command.CommandArg("{{ if .Destination }}-d {{ .Destination }}{{ end }}"),
|
||||
command.CommandArg("{{ if .Dport }}--dport {{ .Dport }}{{ end }}"),
|
||||
command.CommandArg("{{ if .Proto }}-p {{ .Proto }}{{ end }}"),
|
||||
command.CommandArg("{{ range .Flags }} --{{ .Name }} {{ .Value }} {{ end }}"),
|
||||
command.CommandArg("{{ range .Flags -}} --{{ .Name }} {{ .Value }} {{- end }}"),
|
||||
command.CommandArg("{{ if .Jump }}-j {{ .Jump }}{{ end }}"),
|
||||
command.CommandArg("{{ range .TargetFlags -}} --{{ .Name }} {{ .Value }}{{- end }}"),
|
||||
}
|
||||
return c
|
||||
}
|
||||
@ -584,7 +750,7 @@ func IptableExtractRule(lineNumber uint, ruleLine string, target *Iptable) (stat
|
||||
}
|
||||
} else {
|
||||
if target.MatchRule(flags) {
|
||||
target.Id = lineNumber
|
||||
target.SetId(lineNumber)
|
||||
state = "present"
|
||||
err = nil
|
||||
}
|
||||
@ -661,7 +827,7 @@ func NewIptableReadChainCommand() *command.Command {
|
||||
}
|
||||
for lineIndex, line := range lines[1:] {
|
||||
i := (*IptableChainRules)[lineIndex]
|
||||
i.Id = uint(lineIndex + 1)
|
||||
i.SetId(uint(lineIndex + 1))
|
||||
ruleFields := strings.Split(strings.TrimSpace(line), " ")
|
||||
if ruleFields[0] == "-A" {
|
||||
flags := ruleFields[2:]
|
||||
@ -682,7 +848,16 @@ func NewIptableUpdateCommand() *command.Command {
|
||||
}
|
||||
|
||||
func NewIptableDeleteCommand() *command.Command {
|
||||
return nil
|
||||
c := command.NewCommand()
|
||||
c.Path = "iptables"
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("-t"),
|
||||
command.CommandArg("{{ .Table }}"),
|
||||
command.CommandArg("-D"),
|
||||
command.CommandArg("{{ .Chain }}"),
|
||||
command.CommandArg("{{ .Id }}"),
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func NewIptableChainCreateCommand() *command.Command {
|
||||
@ -766,7 +941,7 @@ func RuleExtractorMatchFlags(out []byte, target any) (err error) {
|
||||
slog.Info("RuleExtractorMatchFlags()", "flags", flags, "ipt", ipt)
|
||||
err = nil
|
||||
ipt.Common.State = "present"
|
||||
ipt.Id = uint(linesIndex)
|
||||
ipt.SetId(uint(linesIndex))
|
||||
return
|
||||
}
|
||||
}
|
||||
@ -838,6 +1013,14 @@ func NewIptableChainUpdateCommand() *command.Command {
|
||||
}
|
||||
|
||||
func NewIptableChainDeleteCommand() *command.Command {
|
||||
return nil
|
||||
c := command.NewCommand()
|
||||
c.Path = "iptables"
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("-t"),
|
||||
command.CommandArg("{{ .Table }}"),
|
||||
command.CommandArg("-X"),
|
||||
command.CommandArg("{{ .Chain }}"),
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
|
@ -20,6 +20,7 @@ _ "syscall"
|
||||
"testing"
|
||||
_ "time"
|
||||
"decl/internal/command"
|
||||
"decl/internal/data"
|
||||
)
|
||||
|
||||
func TestNewIptableResource(t *testing.T) {
|
||||
@ -77,10 +78,59 @@ func TestReadIptable(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestCreateIptable(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
testRule := NewIptable()
|
||||
assert.NotNil(t, testRule)
|
||||
|
||||
declarationAttributes := `
|
||||
table: "filter"
|
||||
id: 5
|
||||
chain: "INPUT"
|
||||
source: "192.168.0.0/24"
|
||||
destination: "192.168.0.1"
|
||||
jump: "ACCEPT"
|
||||
state: present
|
||||
`
|
||||
|
||||
m := &MockCommand{
|
||||
Executor: func(value any) ([]byte, error) {
|
||||
return nil, nil
|
||||
},
|
||||
Extractor: func(output []byte, target any) error {
|
||||
testRule.Table = "filter"
|
||||
testRule.Id = 3
|
||||
testRule.Chain = "INPUT"
|
||||
testRule.In = "eth0"
|
||||
testRule.Source = "192.168.0.0/24"
|
||||
testRule.State = "present"
|
||||
return nil
|
||||
},
|
||||
}
|
||||
|
||||
mockReadChain := &MockCommand{
|
||||
Executor: func(value any) ([]byte, error) {
|
||||
return []byte(`
|
||||
-P INPUT ACCEPT
|
||||
-A INPUT -j LIBVIRT_INP
|
||||
`), nil
|
||||
},
|
||||
}
|
||||
|
||||
e := testRule.LoadDecl(declarationAttributes)
|
||||
assert.Nil(t, e)
|
||||
|
||||
testRule.ReadChainCommand = (*command.Command)(mockReadChain)
|
||||
testRule.ReadCommand = (*command.Command)(m)
|
||||
testRule.CreateCommand = (*command.Command)(m)
|
||||
|
||||
assert.Nil(t, testRule.Create(ctx))
|
||||
|
||||
assert.Equal(t, uint(2), testRule.ChainLength)
|
||||
_, err := testRule.Read(ctx)
|
||||
assert.Nil(t, err)
|
||||
|
||||
//assert.Equal(t, uint(3), testRule.ChainLength)
|
||||
assert.Equal(t, uint(3), testRule.Id)
|
||||
}
|
||||
|
||||
func TestIptableSetFlagValue(t *testing.T) {
|
||||
@ -117,6 +167,7 @@ func TestIptableRuleExtractorById(t *testing.T) {
|
||||
|
||||
func TestIptableRuleExtractorByFlags(t *testing.T) {
|
||||
ipt := NewIptable()
|
||||
ipt.Resources = data.NewResourceMapper()
|
||||
assert.NotNil(t, ipt)
|
||||
ipt.Table = IptableName("filter")
|
||||
ipt.Chain = IptableChain("FOO")
|
||||
|
@ -136,11 +136,17 @@ type NetworkRoute struct {
|
||||
}
|
||||
|
||||
func NewNetworkRoute() *NetworkRoute {
|
||||
n := &NetworkRoute{Rtid: NetworkRouteTableMain, Common: &Common{ resourceType: NetworkRouteTypeName } }
|
||||
n := &NetworkRoute{Rtid: NetworkRouteTableMain}
|
||||
n.Common = NewCommon(NetworkRouteTypeName, false)
|
||||
n.Common.NormalizePath = n.NormalizePath
|
||||
n.CreateCommand, n.ReadCommand, n.UpdateCommand, n.DeleteCommand = n.NewCRUD()
|
||||
return n
|
||||
}
|
||||
|
||||
func (n *NetworkRoute) NormalizePath() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (n *NetworkRoute) SetResourceMapper(resources data.ResourceMapper) {
|
||||
n.Resources = resources
|
||||
}
|
||||
|
@ -119,6 +119,16 @@ func (k *PKI) Notify(m *machine.EventMessage) {
|
||||
switch m.On {
|
||||
case machine.ENTERSTATEEVENT:
|
||||
switch m.Dest {
|
||||
case "start_stat":
|
||||
if statErr := k.ReadStat(); statErr == nil {
|
||||
if triggerErr := k.StateMachine().Trigger("exists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if triggerErr := k.StateMachine().Trigger("notexists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
case "start_read":
|
||||
if _,readErr := k.Read(ctx); readErr == nil {
|
||||
if triggerErr := k.StateMachine().Trigger("state_read"); triggerErr == nil {
|
||||
@ -228,6 +238,27 @@ func (k *PKI) LoadDecl(yamlResourceDeclaration string) error {
|
||||
return k.LoadString(yamlResourceDeclaration, codec.FormatYaml)
|
||||
}
|
||||
|
||||
func (k *PKI) ReadStat() (err error) {
|
||||
var resourcesErr []string
|
||||
if ! k.PrivateKeyRef.Exists() {
|
||||
resourcesErr = append(resourcesErr, string(k.PrivateKeyRef))
|
||||
}
|
||||
|
||||
if ! k.PublicKeyRef.Exists() {
|
||||
resourcesErr = append(resourcesErr, string(k.PublicKeyRef))
|
||||
}
|
||||
|
||||
if ! k.CertificateRef.Exists() {
|
||||
resourcesErr = append(resourcesErr, string(k.CertificateRef))
|
||||
}
|
||||
|
||||
if len(resourcesErr) > 0 {
|
||||
err = fmt.Errorf("PKI resources missing: %s", strings.Join(resourcesErr, ","))
|
||||
// k.State = "absent"
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (k *PKI) ResolveId(ctx context.Context) string {
|
||||
return string(k.PrivateKeyRef)
|
||||
}
|
||||
|
@ -36,6 +36,9 @@ func (rm TestResourceMapper) Has(key string) (ok bool) {
|
||||
func (rm TestResourceMapper) Set(key string, value data.Declaration) {
|
||||
}
|
||||
|
||||
func (rm TestResourceMapper) Delete(key string) {
|
||||
}
|
||||
|
||||
type StringContentReadWriter func() (any, error)
|
||||
|
||||
func (s StringContentReadWriter) ContentWriterStream() (*transport.Writer, error) {
|
||||
|
@ -6,7 +6,7 @@ package resource
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
_ "log/slog"
|
||||
"log/slog"
|
||||
"net/url"
|
||||
"path/filepath"
|
||||
"io"
|
||||
@ -14,8 +14,14 @@ _ "log/slog"
|
||||
"gitea.rosskeen.house/rosskeen.house/machine"
|
||||
"decl/internal/codec"
|
||||
"decl/internal/data"
|
||||
"decl/internal/command"
|
||||
"encoding/json"
|
||||
"strings"
|
||||
"errors"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrUnsupportedServiceManagerType error = errors.New("Unsupported service manager")
|
||||
)
|
||||
|
||||
const (
|
||||
@ -29,16 +35,28 @@ const (
|
||||
ServiceManagerTypeSysV ServiceManagerType = "sysv"
|
||||
)
|
||||
|
||||
const (
|
||||
SysVStatusRunning int = 0
|
||||
SysVStatusStopped int = 1
|
||||
SysVStatusUnknown int = 2
|
||||
SysVStatusMissing int = 3
|
||||
)
|
||||
|
||||
var (
|
||||
SupportedServiceManagerTypes []ServiceManagerType = []ServiceManagerType{ServiceManagerTypeSystemd, ServiceManagerTypeSysV}
|
||||
SystemServiceManagerType ServiceManagerType = FindSystemServiceManagerType()
|
||||
)
|
||||
|
||||
type Service struct {
|
||||
*Common `yaml:",inline" json:",inline"`
|
||||
stater machine.Stater `yaml:"-" json:"-"`
|
||||
Name string `json:"name" yaml:"name"`
|
||||
ServiceManagerType ServiceManagerType `json:"servicemanager,omitempty" yaml:"servicemanager,omitempty"`
|
||||
|
||||
CreateCommand *Command `yaml:"-" json:"-"`
|
||||
ReadCommand *Command `yaml:"-" json:"-"`
|
||||
UpdateCommand *Command `yaml:"-" json:"-"`
|
||||
DeleteCommand *Command `yaml:"-" json:"-"`
|
||||
CreateCommand *command.Command `yaml:"-" json:"-"`
|
||||
ReadCommand *command.Command `yaml:"-" json:"-"`
|
||||
UpdateCommand *command.Command `yaml:"-" json:"-"`
|
||||
DeleteCommand *command.Command `yaml:"-" json:"-"`
|
||||
|
||||
config data.ConfigurationValueGetter
|
||||
Resources data.ResourceMapper `yaml:"-" json:"-"`
|
||||
@ -53,8 +71,25 @@ func init() {
|
||||
})
|
||||
}
|
||||
|
||||
func NewService() *Service {
|
||||
return &Service{ ServiceManagerType: ServiceManagerTypeSystemd, Common: &Common{ resourceType: ServiceTypeName } }
|
||||
func FindSystemServiceManagerType() ServiceManagerType {
|
||||
for _, servicemanagerType := range SupportedServiceManagerTypes {
|
||||
if c := servicemanagerType.NewReadCommand(); c != nil && c.Exists() {
|
||||
return servicemanagerType
|
||||
}
|
||||
}
|
||||
return ServiceManagerTypeSystemd
|
||||
}
|
||||
|
||||
func NewService() (s *Service) {
|
||||
s = &Service{ ServiceManagerType: SystemServiceManagerType }
|
||||
s.Common = NewCommon(ServiceTypeName, false)
|
||||
s.Common.NormalizePath = s.NormalizePath
|
||||
s.CreateCommand, s.ReadCommand, s.UpdateCommand, s.DeleteCommand = s.ServiceManagerType.NewCRUD()
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Service) NormalizePath() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Service) StateMachine() machine.Stater {
|
||||
@ -69,6 +104,16 @@ func (s *Service) Notify(m *machine.EventMessage) {
|
||||
switch m.On {
|
||||
case machine.ENTERSTATEEVENT:
|
||||
switch m.Dest {
|
||||
case "start_stat":
|
||||
if statErr := s.ReadStat(); statErr == nil {
|
||||
if triggerErr := s.StateMachine().Trigger("exists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if triggerErr := s.StateMachine().Trigger("notexists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
case "start_create":
|
||||
if e := s.Create(ctx); e == nil {
|
||||
if triggerErr := s.stater.Trigger("created"); triggerErr == nil {
|
||||
@ -76,10 +121,24 @@ func (s *Service) Notify(m *machine.EventMessage) {
|
||||
}
|
||||
}
|
||||
s.Common.State = "absent"
|
||||
case "created":
|
||||
case "start_read":
|
||||
if _,readErr := s.Read(ctx); readErr == nil {
|
||||
if triggerErr := s.stater.Trigger("state_read"); triggerErr == nil {
|
||||
return
|
||||
} else {
|
||||
s.Common.State = "absent"
|
||||
panic(triggerErr)
|
||||
}
|
||||
} else {
|
||||
s.Common.State = "absent"
|
||||
panic(readErr)
|
||||
}
|
||||
case "present", "created", "read":
|
||||
s.Common.State = "present"
|
||||
case "running":
|
||||
s.Common.State = "running"
|
||||
case "absent":
|
||||
s.Common.State = "absent"
|
||||
}
|
||||
case machine.EXITSTATEEVENT:
|
||||
}
|
||||
@ -89,20 +148,27 @@ func (s *Service) URI() string {
|
||||
return fmt.Sprintf("service://%s", s.Name)
|
||||
}
|
||||
|
||||
func (s *Service) SetURI(uri string) error {
|
||||
resourceUri, e := url.Parse(uri)
|
||||
if e == nil {
|
||||
if resourceUri.Scheme == s.Type() {
|
||||
s.Name = filepath.Join(resourceUri.Hostname(), resourceUri.RequestURI())
|
||||
} else {
|
||||
e = fmt.Errorf("%w: %s is not a %s", ErrInvalidResourceURI, uri, s.Type())
|
||||
}
|
||||
func (s *Service) SetParsedURI(uri *url.URL) (err error) {
|
||||
if err = s.Common.SetParsedURI(uri); err == nil {
|
||||
err = s.setFieldsFromPath()
|
||||
}
|
||||
return e
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Service) UseConfig(config data.ConfigurationValueGetter) {
|
||||
s.config = config
|
||||
func (s *Service) setFieldsFromPath() (err error) {
|
||||
if len(s.Common.Path) > 0 {
|
||||
s.Name = s.Common.Path
|
||||
} else {
|
||||
err = fmt.Errorf("%w: %s is not an iptable rule", ErrInvalidResourceURI, s.Common.Uri)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Service) SetURI(uri string) (err error) {
|
||||
if err = s.Common.SetURI(uri); err == nil {
|
||||
err = s.setFieldsFromPath()
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Service) JSON() ([]byte, error) {
|
||||
@ -167,7 +233,7 @@ func (s *Service) UnmarshalYAML(value *yaml.Node) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *ServiceManagerType) NewCRUD() (create *Command, read *Command, update *Command, del *Command) {
|
||||
func (s *ServiceManagerType) NewCRUD() (create *command.Command, read *command.Command, update *command.Command, del *command.Command) {
|
||||
switch *s {
|
||||
case ServiceManagerTypeSystemd:
|
||||
return NewSystemdCreateCommand(), NewSystemdReadCommand(), NewSystemdUpdateCommand(), NewSystemdDeleteCommand()
|
||||
@ -178,14 +244,52 @@ func (s *ServiceManagerType) NewCRUD() (create *Command, read *Command, update *
|
||||
return nil, nil, nil, nil
|
||||
}
|
||||
|
||||
|
||||
func (s *Service) Create(ctx context.Context) error {
|
||||
func (s *ServiceManagerType) NewReadCommand() (read *command.Command) {
|
||||
switch *s {
|
||||
case ServiceManagerTypeSystemd:
|
||||
return NewSystemdReadCommand()
|
||||
case ServiceManagerTypeSysV:
|
||||
return NewSysVReadCommand()
|
||||
default:
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Service) Read(ctx context.Context) ([]byte, error) {
|
||||
|
||||
return yaml.Marshal(s)
|
||||
func (s *Service) Create(ctx context.Context) (err error) {
|
||||
var out []byte
|
||||
out, err = s.CreateCommand.Execute(s)
|
||||
slog.Info("Service.Create()", "out", out, "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Service) ReadStat() (err error) {
|
||||
if s.ReadCommand.Exists() {
|
||||
_, err = s.ReadCommand.Execute(s)
|
||||
} else {
|
||||
err = ErrUnsupportedServiceManagerType
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Service) Read(ctx context.Context) (resourceYaml []byte, err error) {
|
||||
if s.ReadCommand.Exists() {
|
||||
var out []byte
|
||||
out, err = s.ReadCommand.Execute(s)
|
||||
if err == nil {
|
||||
err = s.ReadCommand.Extractor(out, s)
|
||||
} else {
|
||||
err = fmt.Errorf("%w - %w", ErrResourceStateAbsent, err)
|
||||
}
|
||||
slog.Info("Service.Read()", "service", s, "error", err)
|
||||
} else {
|
||||
err = ErrUnsupportedServiceManagerType
|
||||
}
|
||||
var yamlErr error
|
||||
resourceYaml, yamlErr = yaml.Marshal(s)
|
||||
if err == nil {
|
||||
err = yamlErr
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (s *Service) Update(ctx context.Context) error {
|
||||
@ -202,22 +306,22 @@ func (s *Service) ResolveId(ctx context.Context) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
func NewSystemdCreateCommand() *Command {
|
||||
c := NewCommand()
|
||||
func NewSystemdCreateCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "systemctl"
|
||||
c.Args = []CommandArg{
|
||||
CommandArg("enable"),
|
||||
CommandArg("{{ .Name }}"),
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("enable"),
|
||||
command.CommandArg("{{ .Name }}"),
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func NewSystemdReadCommand() *Command {
|
||||
c := NewCommand()
|
||||
func NewSystemdReadCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "systemctl"
|
||||
c.Args = []CommandArg{
|
||||
CommandArg("show"),
|
||||
CommandArg("{{ .Name }}"),
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("show"),
|
||||
command.CommandArg("{{ .Name }}"),
|
||||
}
|
||||
c.Extractor = func(out []byte, target any) error {
|
||||
s := target.(*Service)
|
||||
@ -253,26 +357,63 @@ func NewSystemdReadCommand() *Command {
|
||||
return c
|
||||
}
|
||||
|
||||
func NewSystemdUpdateCommand() *Command {
|
||||
func NewSystemdUpdateCommand() *command.Command {
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewSystemdDeleteCommand() *Command {
|
||||
func NewSystemdDeleteCommand() *command.Command {
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewSysVCreateCommand() *Command {
|
||||
func NewSysVCreateCommand() *command.Command {
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewSysVReadCommand() *Command {
|
||||
func NewSysVReadCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "service"
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("status"),
|
||||
command.CommandArg("{{ .Name }}"),
|
||||
}
|
||||
c.Extractor = func(out []byte, target any) (err error) {
|
||||
s := target.(*Service)
|
||||
/*
|
||||
serviceStatus := strings.Split(string(out), "\n")
|
||||
for _, statusLine := range(serviceStatus) {
|
||||
if len(statusLine) > 1 {
|
||||
statusFields := strings.Fields(statusLine)
|
||||
}
|
||||
}
|
||||
*/
|
||||
if len(out) < 1 {
|
||||
if err = s.stater.Trigger("notexist"); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
switch c.ExitCode {
|
||||
case SysVStatusRunning:
|
||||
if err = s.stater.Trigger("running"); err != nil {
|
||||
return
|
||||
}
|
||||
case SysVStatusStopped:
|
||||
if err = s.stater.Trigger("created"); err != nil {
|
||||
return
|
||||
}
|
||||
case SysVStatusUnknown, SysVStatusMissing:
|
||||
if err = s.stater.Trigger("notexist"); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewSysVUpdateCommand() *Command {
|
||||
func NewSysVUpdateCommand() *command.Command {
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewSysVDeleteCommand() *Command {
|
||||
func NewSysVDeleteCommand() *command.Command {
|
||||
return nil
|
||||
}
|
||||
|
@ -5,6 +5,7 @@ package resource
|
||||
import (
|
||||
"context"
|
||||
_ "decl/tests/mocks"
|
||||
"decl/internal/command"
|
||||
_ "fmt"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"testing"
|
||||
@ -22,15 +23,28 @@ func TestUriServiceResource(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestReadServiceResource(t *testing.T) {
|
||||
|
||||
s := NewService()
|
||||
s.Name = "ssh"
|
||||
|
||||
yamlResult := `
|
||||
name: "ssh"
|
||||
servicemanager: "systemd"
|
||||
state: "present"
|
||||
`
|
||||
c := NewService()
|
||||
c.Name = "ssh"
|
||||
c.State = "present"
|
||||
yamlData, err := c.Read(context.Background())
|
||||
m := &MockCommand{
|
||||
CommandExists: func() error { return nil },
|
||||
Executor: func(value any) ([]byte, error) {
|
||||
return nil, nil
|
||||
},
|
||||
Extractor: func(output []byte, target any) error {
|
||||
s.Common.State = "present"
|
||||
return nil
|
||||
},
|
||||
}
|
||||
|
||||
s.ReadCommand = (*command.Command)(m)
|
||||
yamlData, err := s.Read(context.Background())
|
||||
assert.Nil(t, err)
|
||||
assert.YAMLEq(t, yamlResult, string(yamlData))
|
||||
}
|
||||
|
@ -28,13 +28,15 @@ type UserType string
|
||||
|
||||
const (
|
||||
UserTypeName TypeName = "user"
|
||||
UserTypeAddUser UserType = "adduser"
|
||||
UserTypeUserAdd UserType = "useradd"
|
||||
UserTypeBusyBox UserType = "busybox"
|
||||
UserTypeShadow UserType = "shadow"
|
||||
)
|
||||
|
||||
var ErrUnsupportedUserType error = errors.New("The UserType is not supported on this system")
|
||||
var ErrInvalidUserType error = errors.New("invalid UserType value")
|
||||
|
||||
var SupportedUserTypes []UserType = []UserType{UserTypeShadow, UserTypeBusyBox}
|
||||
|
||||
var SystemUserType UserType = FindSystemUserType()
|
||||
|
||||
type User struct {
|
||||
@ -44,11 +46,15 @@ type User struct {
|
||||
UID string `json:"uid,omitempty" yaml:"uid,omitempty"`
|
||||
Group string `json:"group,omitempty" yaml:"group,omitempty"`
|
||||
Groups []string `json:"groups,omitempty" yaml:"groups,omitempty"`
|
||||
AppendGroups bool `json:"appendgroups,omitempty" yaml:"appendgroups,omitempty"`
|
||||
Gecos string `json:"gecos,omitempty" yaml:"gecos,omitempty"`
|
||||
Home string `json:"home" yaml:"home"`
|
||||
CreateHome bool `json:"createhome,omitempty" yaml:"createhome,omitempty"`
|
||||
Shell string `json:"shell,omitempty" yaml:"shell,omitempty"`
|
||||
UserType UserType `json:"-" yaml:"-"`
|
||||
UserType UserType `json:"type,omitempty" yaml:"type,omitempty"`
|
||||
|
||||
userStatus *user.User `json:"-" yaml:"-"`
|
||||
groupStatus *user.Group `json:"-" yaml:"-"`
|
||||
|
||||
CreateCommand *command.Command `json:"-" yaml:"-"`
|
||||
ReadCommand *command.Command `json:"-" yaml:"-"`
|
||||
@ -59,7 +65,10 @@ type User struct {
|
||||
}
|
||||
|
||||
func NewUser() *User {
|
||||
return &User{ CreateHome: true, Common: &Common{ resourceType: UserTypeName } }
|
||||
u := &User{ CreateHome: true, AppendGroups: true, UserType: SystemUserType }
|
||||
u.Common = NewCommon(UserTypeName, false)
|
||||
u.Common.NormalizePath = u.NormalizePath
|
||||
return u
|
||||
}
|
||||
|
||||
func init() {
|
||||
@ -67,25 +76,23 @@ func init() {
|
||||
user := NewUser()
|
||||
user.Name = u.Hostname()
|
||||
user.UID = LookupUIDString(u.Hostname())
|
||||
if _, addUserPathErr := exec.LookPath("adduser"); addUserPathErr == nil {
|
||||
user.UserType = UserTypeAddUser
|
||||
}
|
||||
if _, pathErr := exec.LookPath("useradd"); pathErr == nil {
|
||||
user.UserType = UserTypeUserAdd
|
||||
}
|
||||
user.CreateCommand, user.ReadCommand, user.UpdateCommand, user.DeleteCommand = user.UserType.NewCRUD()
|
||||
return user
|
||||
})
|
||||
}
|
||||
|
||||
func FindSystemUserType() UserType {
|
||||
for _, userType := range []UserType{UserTypeAddUser, UserTypeUserAdd} {
|
||||
for _, userType := range SupportedUserTypes {
|
||||
c := userType.NewCreateCommand()
|
||||
if c.Exists() {
|
||||
return userType
|
||||
}
|
||||
}
|
||||
return UserTypeAddUser
|
||||
return UserTypeShadow
|
||||
}
|
||||
|
||||
func (u *User) NormalizePath() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *User) SetResourceMapper(resources data.ResourceMapper) {
|
||||
@ -121,6 +128,16 @@ func (u *User) Notify(m *machine.EventMessage) {
|
||||
switch m.On {
|
||||
case machine.ENTERSTATEEVENT:
|
||||
switch m.Dest {
|
||||
case "start_stat":
|
||||
if statErr := u.ReadStat(); statErr == nil {
|
||||
if triggerErr := u.StateMachine().Trigger("exists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if triggerErr := u.StateMachine().Trigger("notexists"); triggerErr == nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
case "start_read":
|
||||
if _,readErr := u.Read(ctx); readErr == nil {
|
||||
if triggerErr := u.StateMachine().Trigger("state_read"); triggerErr == nil {
|
||||
@ -133,6 +150,17 @@ func (u *User) Notify(m *machine.EventMessage) {
|
||||
u.Common.State = "absent"
|
||||
panic(readErr)
|
||||
}
|
||||
case "start_update":
|
||||
if updateErr := u.Update(ctx); updateErr == nil {
|
||||
if triggerErr := u.stater.Trigger("updated"); triggerErr == nil {
|
||||
return
|
||||
} else {
|
||||
u.Common.State = "absent"
|
||||
}
|
||||
} else {
|
||||
u.Common.State = "absent"
|
||||
panic(updateErr)
|
||||
}
|
||||
case "start_delete":
|
||||
if deleteErr := u.Delete(ctx); deleteErr == nil {
|
||||
if triggerErr := u.StateMachine().Trigger("deleted"); triggerErr == nil {
|
||||
@ -183,7 +211,7 @@ func (u *User) UseConfig(config data.ConfigurationValueGetter) {
|
||||
|
||||
func (u *User) ResolveId(ctx context.Context) string {
|
||||
if u.config != nil {
|
||||
if configUser, configUserErr := u.config.GetValue("user"); configUserErr == nil && u.Name == "" {
|
||||
if configUser, configUserErr := u.config.GetValue("user"); configUserErr == nil && u.Name == "self" {
|
||||
u.Name = configUser.(string)
|
||||
}
|
||||
}
|
||||
@ -241,20 +269,74 @@ func (u *User) Create(ctx context.Context) (error) {
|
||||
return e
|
||||
}
|
||||
|
||||
func (u *User) ReadStat() (err error) {
|
||||
if u.userStatus == nil {
|
||||
if u.userStatus, err = user.Lookup(u.Name); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if len(u.userStatus.Uid) < 1 {
|
||||
return ErrResourceStateAbsent
|
||||
}
|
||||
u.UID = u.userStatus.Uid
|
||||
if len(u.Group) > 1 {
|
||||
if u.groupStatus == nil {
|
||||
if u.groupStatus, err = user.LookupGroup(u.Group); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if len(u.groupStatus.Gid) < 1 {
|
||||
return ErrResourceStateAbsent
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (u *User) Read(ctx context.Context) ([]byte, error) {
|
||||
exErr := u.ReadCommand.Extractor(nil, u)
|
||||
if exErr != nil {
|
||||
u.Common.State = "absent"
|
||||
}
|
||||
if yaml, yamlErr := yaml.Marshal(u); yamlErr != nil {
|
||||
return yaml, yamlErr
|
||||
_ = u.ReadGroups()
|
||||
if yamlDoc, yamlErr := yaml.Marshal(u); yamlErr != nil {
|
||||
return yamlDoc, yamlErr
|
||||
} else {
|
||||
return yaml, exErr
|
||||
return yamlDoc, exErr
|
||||
}
|
||||
}
|
||||
|
||||
func (u *User) ReadGroups() (err error) {
|
||||
knownSecondaryGroups := make(map[string]bool)
|
||||
for _, secondaryGroupName := range u.Groups {
|
||||
knownSecondaryGroups[secondaryGroupName] = true
|
||||
}
|
||||
if u.ReadStat() == nil {
|
||||
if groups, groupsErr := u.userStatus.GroupIds(); groupsErr == nil {
|
||||
for _, secondaryGroup := range groups {
|
||||
if readGroup, groupErr := user.LookupGroupId(secondaryGroup); groupErr == nil {
|
||||
if ! knownSecondaryGroups[readGroup.Name] {
|
||||
u.Groups = append(u.Groups, readGroup.Name)
|
||||
knownSecondaryGroups[readGroup.Name] = true
|
||||
}
|
||||
} else {
|
||||
err = groupErr
|
||||
}
|
||||
}
|
||||
} else {
|
||||
err = groupsErr
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (u *User) Update(ctx context.Context) (error) {
|
||||
return u.Create(ctx)
|
||||
_, err := u.UpdateCommand.Execute(u)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
_,e := u.Read(ctx)
|
||||
return e
|
||||
}
|
||||
|
||||
func (u *User) Delete(ctx context.Context) (error) {
|
||||
@ -284,38 +366,38 @@ func (u *User) UnmarshalYAML(value *yaml.Node) error {
|
||||
|
||||
func (u *UserType) NewCRUD() (create *command.Command, read *command.Command, update *command.Command, del *command.Command) {
|
||||
switch *u {
|
||||
case UserTypeUserAdd:
|
||||
return NewUserAddCreateCommand(), NewUserReadCommand(), NewUserUpdateCommand(), NewUserDelDeleteCommand()
|
||||
case UserTypeAddUser:
|
||||
return NewAddUserCreateCommand(), NewUserReadCommand(), NewUserUpdateCommand(), NewDelUserDeleteCommand()
|
||||
case UserTypeShadow:
|
||||
return NewUserShadowCreateCommand(), NewUserReadCommand(), NewUserShadowUpdateCommand(), NewUserShadowDeleteCommand()
|
||||
case UserTypeBusyBox:
|
||||
return NewUserBusyBoxCreateCommand(), NewUserReadCommand(), NewUserBusyBoxUpdateCommand(), NewUserBusyBoxDeleteCommand()
|
||||
default:
|
||||
if _, addUserPathErr := exec.LookPath("adduser"); addUserPathErr == nil {
|
||||
*u = UserTypeAddUser
|
||||
return NewAddUserCreateCommand(), NewUserReadCommand(), NewUserUpdateCommand(), NewDelUserDeleteCommand()
|
||||
*u = UserTypeBusyBox
|
||||
return NewUserBusyBoxCreateCommand(), NewUserReadCommand(), NewUserBusyBoxUpdateCommand(), NewUserBusyBoxDeleteCommand()
|
||||
}
|
||||
if _, pathErr := exec.LookPath("useradd"); pathErr == nil {
|
||||
*u = UserTypeUserAdd
|
||||
return NewUserAddCreateCommand(), NewUserReadCommand(), NewUserUpdateCommand(), NewUserDelDeleteCommand()
|
||||
*u = UserTypeShadow
|
||||
return NewUserShadowCreateCommand(), NewUserReadCommand(), NewUserShadowUpdateCommand(), NewUserShadowDeleteCommand()
|
||||
}
|
||||
return NewUserAddCreateCommand(), NewUserReadCommand(), NewUserUpdateCommand(), NewUserDelDeleteCommand()
|
||||
return NewUserShadowCreateCommand(), NewUserReadCommand(), NewUserShadowUpdateCommand(), NewUserShadowDeleteCommand()
|
||||
}
|
||||
}
|
||||
|
||||
func (u *UserType) NewReadCommand() (read *command.Command) {
|
||||
return NewUserReadCommand()
|
||||
}
|
||||
|
||||
func (u *UserType) NewCreateCommand() (create *command.Command) {
|
||||
switch *u {
|
||||
case UserTypeUserAdd:
|
||||
return NewUserAddCreateCommand()
|
||||
case UserTypeAddUser:
|
||||
return NewAddUserCreateCommand()
|
||||
case UserTypeShadow:
|
||||
return NewUserShadowCreateCommand()
|
||||
case UserTypeBusyBox:
|
||||
return NewUserBusyBoxCreateCommand()
|
||||
default:
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *UserType) NewReadCommand() (*command.Command) {
|
||||
return NewUserReadCommand()
|
||||
}
|
||||
|
||||
func (p *UserType) NewReadUsersCommand() (*command.Command) {
|
||||
return NewReadUsersCommand()
|
||||
}
|
||||
@ -323,7 +405,7 @@ func (p *UserType) NewReadUsersCommand() (*command.Command) {
|
||||
|
||||
func (u *UserType) UnmarshalValue(value string) error {
|
||||
switch value {
|
||||
case string(UserTypeUserAdd), string(UserTypeAddUser):
|
||||
case string(UserTypeShadow), string(UserTypeBusyBox):
|
||||
*u = UserType(value)
|
||||
return nil
|
||||
default:
|
||||
@ -390,7 +472,7 @@ func NewReadUsersCommand() *command.Command {
|
||||
return c
|
||||
}
|
||||
|
||||
func NewUserAddCreateCommand() *command.Command {
|
||||
func NewUserShadowCreateCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "useradd"
|
||||
c.Args = []command.CommandArg{
|
||||
@ -404,19 +486,11 @@ func NewUserAddCreateCommand() *command.Command {
|
||||
}
|
||||
c.Extractor = func(out []byte, target any) error {
|
||||
return nil
|
||||
/*
|
||||
for _,line := range strings.Split(string(out), "\n") {
|
||||
if line == "iptables: Chain already exists." {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return fmt.Errorf(string(out))
|
||||
*/
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func NewAddUserCreateCommand() *command.Command {
|
||||
func NewUserBusyBoxCreateCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "adduser"
|
||||
c.Args = []command.CommandArg{
|
||||
@ -430,14 +504,6 @@ func NewAddUserCreateCommand() *command.Command {
|
||||
}
|
||||
c.Extractor = func(out []byte, target any) error {
|
||||
return nil
|
||||
/*
|
||||
for _,line := range strings.Split(string(out), "\n") {
|
||||
if line == "iptables: Chain already exists." {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return fmt.Errorf(string(out))
|
||||
*/
|
||||
}
|
||||
return c
|
||||
}
|
||||
@ -476,11 +542,40 @@ func NewUserReadCommand() *command.Command {
|
||||
return c
|
||||
}
|
||||
|
||||
func NewUserUpdateCommand() *command.Command {
|
||||
return nil
|
||||
func NewUserBusyBoxUpdateCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "xargs"
|
||||
c.StdinAvailable = true
|
||||
c.Input = command.CommandInput("{{ if .Groups }}{{ range .Groups }}{{ . }}\n{{ end }}{{ end }}")
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("adduser"),
|
||||
command.CommandArg("{{ .Name }}"),
|
||||
}
|
||||
c.Extractor = func(out []byte, target any) error {
|
||||
return nil
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func NewUserDelDeleteCommand() *command.Command {
|
||||
func NewUserShadowUpdateCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "usermod"
|
||||
c.Args = []command.CommandArg{
|
||||
command.CommandArg("{{ if .UID }}-u {{ .UID }}{{ end }}"),
|
||||
command.CommandArg("{{ if .Gecos }}-c {{ .Gecos }}{{ end }}"),
|
||||
command.CommandArg("{{ if .Group }}-g {{ .groupStatus.Gid }}{{ end }}"),
|
||||
command.CommandArg("{{ if .Home }}-d {{ .Home }}{{ if .CreateHome }} -m{{- end }}{{ end }}"),
|
||||
command.CommandArg("{{ if .Groups }}-G {{- range $i, $g := .Groups -}}{{ if $i }}, {{- end }}{{ . }}{{- end }}{{ if .AppendGroups }} -a{{- end }}{{- end }}"),
|
||||
command.CommandArg("{{ if .Shell }}-s {{ .Shell }}{{ end }}"),
|
||||
command.CommandArg("{{ .Name }}"),
|
||||
}
|
||||
c.Extractor = func(out []byte, target any) error {
|
||||
return nil
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func NewUserShadowDeleteCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "userdel"
|
||||
c.Args = []command.CommandArg{
|
||||
@ -492,7 +587,7 @@ func NewUserDelDeleteCommand() *command.Command {
|
||||
return c
|
||||
}
|
||||
|
||||
func NewDelUserDeleteCommand() *command.Command {
|
||||
func NewUserBusyBoxDeleteCommand() *command.Command {
|
||||
c := command.NewCommand()
|
||||
c.Path = "deluser"
|
||||
c.Args = []command.CommandArg{
|
||||
|
@ -81,7 +81,7 @@ func TestCreateUser(t *testing.T) {
|
||||
|
||||
func TestSystemUser(t *testing.T) {
|
||||
u := NewUser()
|
||||
|
||||
u.Name = "self"
|
||||
u.UseConfig(MockConfigValueGetter(func(key string) (any, error) {
|
||||
switch key {
|
||||
case "user":
|
||||
@ -97,3 +97,22 @@ func TestSystemUser(t *testing.T) {
|
||||
u.ResolveId(context.Background())
|
||||
assert.Equal(t, "bar", u.Name)
|
||||
}
|
||||
|
||||
func TestUserSecondaryGroups(t *testing.T) {
|
||||
groupCounts := make(map[string]int)
|
||||
u := NewUser()
|
||||
u.Name = "root"
|
||||
u.ResolveId(context.Background())
|
||||
u.Groups = []string{
|
||||
"root",
|
||||
"wheel",
|
||||
}
|
||||
u.ReadGroups()
|
||||
|
||||
for _, groupName := range u.Groups {
|
||||
groupCounts[groupName]++
|
||||
}
|
||||
assert.Greater(t, len(u.Groups), 2)
|
||||
assert.Equal(t, 1, groupCounts["root"])
|
||||
assert.Equal(t, 1, groupCounts["wheel"])
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user