You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2021/05/30 14:37:01 UTC

[GitHub] [servicecomb-service-center] little-cui commented on a change in pull request #1027: role binding check

little-cui commented on a change in pull request #1027:
URL: https://github.com/apache/servicecomb-service-center/pull/1027#discussion_r642085600



##########
File path: datasource/etcd/account.go
##########
@@ -63,20 +63,41 @@ func (ds *DataSource) CreateAccount(ctx context.Context, a *rbac.Account) error
 	a.ID = util.GenerateUUID()
 	a.CreateTime = strconv.FormatInt(time.Now().Unix(), 10)
 	a.UpdateTime = a.CreateTime
-	value, err := json.Marshal(a)
+	opts, err := GenAccountOpts(a, client.ActionPut)
 	if err != nil {
-		log.Errorf(err, "account info is invalid")
+		log.Error("", err)
 		return err
 	}
-	err = client.PutBytes(ctx, name, value)
+	err = client.BatchCommit(ctx, opts)
 	if err != nil {
 		log.Errorf(err, "can not save account info")
 		return err
 	}
 	log.Info("create new account: " + a.ID)
 	return nil
 }
+func GenAccountOpts(a *rbac.Account, action client.ActionType) ([]client.PluginOp, error) {
+	opts := make([]client.PluginOp, 0)
+	value, err := json.Marshal(a)
+	if err != nil {
+		log.Errorf(err, "account info is invalid")
+		return nil, err
+	}
+	opts = append(opts, client.PluginOp{
+		Key:    stringutil.Str2bytes(path.GenerateAccountKey(a.Name)),
+		Value:  value,
+		Action: action,
+	})
+	for _, r := range a.Roles {
+		opt := client.PluginOp{
+			Key:    stringutil.Str2bytes(path.GenRoleAccountIdxKey(r, a.Name)),

Review comment:
       没考虑删除account时候也要删掉对应的index

##########
File path: datasource/etcd/path/key_generator.go
##########
@@ -76,7 +76,20 @@ func GenerateRBACRoleKey(name string) string {
 		name,
 	}, SPLIT)
 }
-
+func GenRoleAccountIdxKey(role, account string) string {
+	return util.StringJoin([]string{
+		GetRootKey(),
+		"idx-role-account",
+		role, account,
+	}, SPLIT)
+}
+func GenRoleAccountPrefixIdxKey(role string) string {
+	return util.StringJoin([]string{
+		GetRootKey(),
+		"idx-role-account",
+		role,
+	}, SPLIT)

Review comment:
       如果定义了prefix函数，末尾要加“/”，等价于GenRoleAccountIdxKey(role, “”)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org