Implemented ACL Init on server.

kelvinmwinuka · kelvinmwinuka · commit 1382ef494b9a · 2023-12-07T16:53:23.000+08:00
Implemented reading of ACL from JSON and YAML files into user list in memory.
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,6 @@
 .idea
 bin
 openssl
-config*.json
-config*.y*ml
 docker-compose.y*ml
 volumes
+/config/
diff --git a/Dockerfile b/Dockerfile
@@ -7,6 +7,7 @@ RUN mkdir -p /etc/ssl/certs/memstore
 COPY ./bin/linux/x86_64/plugins /usr/local/lib/memstore
 COPY ./bin/linux/x86_64/server /opt/memstore/bin
 COPY ./openssl/server /etc/ssl/certs/memstore
+COPY ./config /etc/config/memstore
 
 WORKDIR /opt/memstore/bin
 
@@ -24,4 +25,5 @@ CMD "./server" \
   "--http=${HTTP}" \
   "--tls=${TLS}" \
   "--inMemory=${INMEMORY}" \
-  "--bootstrapCluster=${BOOTSTRAP_CLUSTER}" \
+  "--bootstrapCluster=${BOOTSTRAP_CLUSTER}" \
+  "--aclConfig=${ACL_CONFIG}" \
diff --git a/src/acl.go b/src/acl.go
@@ -0,0 +1,85 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"gopkg.in/yaml.v3"
+	"log"
+	"os"
+	"path"
+)
+
+type Password struct {
+	PasswordType  string `json:"PasswordType" yaml:"PasswordType"` // plaintext, SHA256
+	PasswordValue string `json:"PasswordValue" yaml:"PasswordValue"`
+}
+
+type UserPassword struct {
+	Enabled   bool       `json:"Enabled" yaml:"Enabled"`
+	Passwords []Password `json:"Passwords" yaml:"Passwords"`
+}
+
+type User struct {
+	Username string `json:"Username" yaml:"Username"`
+	Enabled  bool   `json:"Enabled" yaml:"Enabled"`
+
+	Authentication UserPassword `json:"Authentication" yaml:"Authentication"`
+
+	IncludedCategories []string `json:"IncludedCategories" yaml:"IncludedCategories"`
+	ExcludedCategories []string `json:"ExcludedCategories" yaml:"ExcludedCategories"`
+
+	IncludedCommands []string `json:"IncludedCommands" yaml:"IncludedCommands"`
+	ExcludedCommands []string `json:"ExcludedCommands" yaml:"ExcludedCommands"`
+
+	IncludedKeys      []string `json:"IncludedKeys" yaml:"IncludedKeys"`
+	ExcludedKeys      []string `json:"ExcludedKeys" yaml:"ExcludedKeys"`
+	IncludedReadKeys  []string `json:"IncludedReadKeys" yaml:"IncludedReadKeys"`
+	IncludedWriteKeys []string `json:"IncludedWriteKeys" yaml:"IncludedWriteKeys"`
+
+	IncludedPubSubChannels []string `json:"IncludedPubSubChannels" yaml:"IncludedPubSubChannels"`
+	ExcludedPubSubChannels []string `json:"ExcludedPubSubChannels" yaml:"ExcludedPubSubChannels"`
+}
+
+type ACL struct {
+	Users []User
+}
+
+func NewACL(aclConfig string) *ACL {
+	users := []User{}
+
+	// 1. Initialise default ACL user
+
+	// 2. Read and parse the ACL config file and set the
+	if aclConfig != "" {
+		// Override acl configurations from file
+		if f, err := os.Open(aclConfig); err != nil {
+			panic(err)
+		} else {
+			defer func() {
+				if err := f.Close(); err != nil {
+					fmt.Println("acl config file close error: ", err)
+				}
+			}()
+
+			ext := path.Ext(f.Name())
+
+			if ext == ".json" {
+				if err := json.NewDecoder(f).Decode(&users); err != nil {
+					log.Fatal("could not load JSON ACL config: ", err)
+				}
+			}
+
+			if ext == ".yaml" || ext == ".yml" {
+				if err := yaml.NewDecoder(f).Decode(&users); err != nil {
+					log.Fatal("could not load YAML ACL config: ", err)
+				}
+			}
+		}
+	}
+
+	// 3. Validate the ACL Config that has been loaded from the file
+
+	return &ACL{
+		Users: users,
+	}
+}
diff --git a/src/main.go b/src/main.go
@@ -51,6 +51,8 @@ type Server struct {
 	numOfNodes     int
 
 	cancelCh *chan (os.Signal)
+
+	ACL *ACL
 }
 
 func (server *Server) KeyLock(ctx context.Context, key string) (bool, error) {
@@ -410,6 +412,8 @@ func main() {
 		broadcastQueue: new(memberlist.TransmitLimitedQueue),
 		numOfNodes:     0,
 
+		ACL: NewACL(config.AclConfig),
+
 		cancelCh: &cancelCh,
 	}
 
diff --git a/src/utils/config.go b/src/utils/config.go
@@ -24,6 +24,7 @@ type Config struct {
 	InMemory           bool   `json:"inMemory" yaml:"inMemory"`
 	DataDir            string `json:"dataDir" yaml:"dataDir"`
 	BootstrapCluster   bool   `json:"BootstrapCluster" yaml:"bootstrapCluster"`
+	AclConfig          string `json:"AclConfig" yaml:"AclConfig"`
 }
 
 func GetConfig() Config {
@@ -41,6 +42,7 @@ func GetConfig() Config {
 	inMemory := flag.Bool("inMemory", false, "Whether to use memory or persisten storage for raft logs and snapshots.")
 	dataDir := flag.String("dataDir", "/var/lib/memstore", "Directory to store raft snapshots and logs.")
 	bootstrapCluster := flag.Bool("bootstrapCluster", false, "Whether this instance should bootstrap a new cluster.")
+	aclConfig := flag.String("aclConfig", "", "ACL config file path.")
 
 	config := flag.String(
 		"config",
@@ -65,6 +67,7 @@ func GetConfig() Config {
 		InMemory:           *inMemory,
 		DataDir:            *dataDir,
 		BootstrapCluster:   *bootstrapCluster,
+		AclConfig:          *aclConfig,
 	}
 
 	if len(*config) > 0 {

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,8 @@ type Server struct {`
`51`	`51`	`numOfNodes int`
`52`	`52`
`53`	`53`	`cancelCh *chan (os.Signal)`
	`54`	`+`
	`55`	`+ ACL *ACL`
`54`	`56`	`}`
`55`	`57`
`56`	`58`	`func (server *Server) KeyLock(ctx context.Context, key string) (bool, error) {`
`@@ -410,6 +412,8 @@ func main() {`
`410`	`412`	`broadcastQueue: new(memberlist.TransmitLimitedQueue),`
`411`	`413`	`numOfNodes: 0,`
`412`	`414`
	`415`	`+ ACL: NewACL(config.AclConfig),`
	`416`	`+`
`413`	`417`	`cancelCh: &cancelCh,`
`414`	`418`	`}`
`415`	`419`