Add Role Permissions. (#23)

* Add Role Permissions.
hexfusion · Jun 19, 2017 · 609a67f · 609a67f
1 parent c53c96d
commit 609a67f
Show file tree

Hide file tree

Showing 21 changed files with 216 additions and 19 deletions.
diff --git a/Changes b/Changes
@@ -1,7 +1,12 @@
 Revision history for Net::Etcd
+
+0.013
+[ ENHANCEMENTS ]
+* Add Net::Etcd::Auth::RolePermission class allowing roles to be defined by key/range.
+
 0.012
 [ ENHANCEMENTS ]
-* Add full support for header based authentication via grpc-gateway.  Requires etcd 3.1.0+
+* Add full support for header based authentication via grpc-gateway.  Requires etcd 3.2.0+
 * Improve POD
 
 0.011

diff --git a/MANIFEST b/MANIFEST
@@ -7,6 +7,7 @@ README.md
 lib/Net/Etcd.pm
 lib/Net/Etcd/Auth.pm
 lib/Net/Etcd/Auth/Role.pm
+lib/Net/Etcd/Auth/RolePermission.pm
 lib/Net/Etcd/Config.pm
 lib/Net/Etcd/Lease.pm
 lib/Net/Etcd/Maintenance.pm

diff --git a/lib/Net/Etcd.pm b/lib/Net/Etcd.pm
@@ -9,6 +9,7 @@ use Moo;
 use JSON;
 use MIME::Base64;
 use Net::Etcd::Auth;
+use Net::Etcd::Auth::RolePermission;
 use Net::Etcd::Config;
 use Net::Etcd::Watch;
 use Net::Etcd::Lease;
@@ -28,7 +29,7 @@ Net::Etcd - etcd v3 REST API.
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 SYNOPSIS
 
@@ -71,6 +72,9 @@ our $VERSION = '0.012';
     # add new user role
 	$role = $etcd->role( { name => 'myrole' } )->add;
 
+    # grant read permission for the foo key to myrole
+    $etcd->role_perm( { name => 'myrole', key => 'foo', permType => 'READWRITE' } )->grant;
+
     # grant role
     $etcd->user_role( { user => 'samba', role => 'myrole' } )->grant;
 
@@ -214,6 +218,24 @@ sub role {
     );
 }
 
+=head2 role_perm
+
+See L<Net::Etcd::Auth::RolePermission>
+
+Grants or revoke permission of a specified key or range to a specified role.
+
+=cut
+
+sub role_perm {
+    my ( $self, $options ) = @_; 
+    my $cb = pop if ref $_[-1] eq 'CODE';
+    my $perm = Net::Etcd::Auth::RolePermission->new(
+        etcd     => $self,
+        cb       => $cb,
+        ( $options ? %$options : () ),
+    );  
+}
+
 =head2 user_role
 
 See L<Net::Etcd::User::Role>

diff --git a/lib/Net/Etcd/Auth.pm b/lib/Net/Etcd/Auth.pm
@@ -26,7 +26,7 @@ Net::Etcd::Auth
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/Auth/Role.pm b/lib/Net/Etcd/Auth/Role.pm
@@ -20,7 +20,7 @@ Net::Etcd::Auth::Role
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/Auth/RolePermission.pm b/lib/Net/Etcd/Auth/RolePermission.pm
@@ -0,0 +1,147 @@
+use utf8;
+package Net::Etcd::Auth::RolePermission;
+
+use strict;
+use warnings;
+
+use Moo;
+use Types::Standard qw(Str Int Bool HashRef ArrayRef);
+use MIME::Base64;
+use Carp;
+use JSON;
+use Data::Dumper;
+
+with 'Net::Etcd::Role::Actions';
+
+use namespace::clean;
+
+=head1 NAME
+
+Net::Etcd::Auth::RolePermission
+
+=cut
+
+our $VERSION = '0.013';
+
+=head1 DESCRIPTION
+
+Permission
+
+
+=head2 endpoint
+
+=cut
+
+has endpoint => (
+    is       => 'ro',
+    isa      => Str,
+);
+
+=head2 name
+
+name of role
+
+=cut
+
+has name => (
+    is       => 'ro',
+    isa      => Str,
+);
+
+=head2 role
+
+name of role
+* only used in revoke, use name for grant... not my idea.
+
+=cut
+
+has role => (
+    is       => 'ro',
+    isa      => Str,
+);
+
+=head2 key
+
+name of key
+
+=cut
+
+has key => (
+    is       => 'ro',
+    isa      => Str,
+    required => 1,
+    coerce   => sub { return encode_base64( $_[0], '' ) },
+);
+
+=head2 range_end
+
+End of key range
+
+=cut
+
+has range_end => (
+    is       => 'ro',
+    isa      => Str,
+    coerce   => sub { return encode_base64( $_[0], '' ) },
+);
+
+=head2 permType
+
+valid options are READ, WRITE, and READWRITE
+
+=cut
+
+has permType =>(  
+    is       => 'ro',
+    isa      => Str,
+);
+
+=head2 perm
+
+Perm
+
+=cut
+
+has perm => (
+    is       => 'lazy',
+);
+
+sub _build_perm {
+    my ($self) = @_;
+    my $perm;
+    for my $key ( keys %{$self} ) { 
+        unless ( $key =~ /(?:name|etcd|cb|endpoint)$/ ) { 
+            $perm->{$key} = $self->{$key};
+        }
+    }   
+    return $perm;
+}
+
+=head2 grant
+
+Grant permission to role
+
+=cut
+
+sub grant {;
+    my ($self) = @_;
+    $self->{endpoint} = '/auth/role/grant';
+    $self->{json_args} = to_json( {name => $self->name, perm => $self->perm } );
+    $self->request;
+    return $self;
+}
+
+=head2 revoke
+
+Revoke permission to role
+
+=cut
+
+sub revoke {;
+    my ($self) = @_;
+    $self->{endpoint} = '/auth/role/revoke';
+    $self->request;
+    return $self;
+}
+
+1;
diff --git a/lib/Net/Etcd/Config.pm b/lib/Net/Etcd/Config.pm
@@ -13,7 +13,7 @@ Net::Etcd::Config
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 ACCESSORS
 

diff --git a/lib/Net/Etcd/KV.pm b/lib/Net/Etcd/KV.pm
@@ -24,7 +24,7 @@ Net::Etcd::KV
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/KV/Compare.pm b/lib/Net/Etcd/KV/Compare.pm
@@ -20,7 +20,7 @@ Net::Etcd::KV::Compare
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/KV/Op.pm b/lib/Net/Etcd/KV/Op.pm
@@ -20,7 +20,7 @@ Net::Etcd::KV::Op
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/KV/Put.pm b/lib/Net/Etcd/KV/Put.pm
@@ -19,7 +19,7 @@ Net::Etcd::Put
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/KV/Range.pm b/lib/Net/Etcd/KV/Range.pm
@@ -20,7 +20,7 @@ Net::Etcd::Range
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/KV/Txn.pm b/lib/Net/Etcd/KV/Txn.pm
@@ -20,7 +20,7 @@ Net::Etcd::KV::Txn
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/Lease.pm b/lib/Net/Etcd/Lease.pm
@@ -20,7 +20,7 @@ Net::Etcd::Lease
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/Maintenance.pm b/lib/Net/Etcd/Maintenance.pm
@@ -18,7 +18,7 @@ Net::Etcd::Maintenance
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/Role/Actions.pm b/lib/Net/Etcd/Role/Actions.pm
@@ -22,7 +22,7 @@ Net::Etcd::Role::Actions
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 has etcd => (
     is  => 'ro',

diff --git a/lib/Net/Etcd/User.pm b/lib/Net/Etcd/User.pm
@@ -20,7 +20,7 @@ Net::Etcd::User
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/User/Role.pm b/lib/Net/Etcd/User/Role.pm
@@ -17,7 +17,7 @@ Net::Etcd::User::Role
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/lib/Net/Etcd/Watch.pm b/lib/Net/Etcd/Watch.pm
@@ -20,7 +20,7 @@ Net::Etcd::Range
 
 =cut
 
-our $VERSION = '0.012';
+our $VERSION = '0.013';
 
 =head1 DESCRIPTION
 

diff --git a/t/02-lease.t b/t/02-lease.t
@@ -55,6 +55,9 @@ cmp_ok( $key, 'eq', 'bar2', "lease key value" );
 lives_ok( sub {  $lease = $etcd->lease( { ID => $lease_id } )->keepalive },
     "lease_keep_alive" );
 
+#print STDERR Dumper($lease);
+
+
 cmp_ok( $lease->{response}{success}, '==', 1, "reset lease keep alive success" );
 
 # lease ttl