github.com/aiven/aiven-go-client@v1.36.0/elasticsearch_acls.go

github.com/aiven/aiven-go-client@v1.36.0/elasticsearch_acls.go (about)

     1  package aiven
     2  
     3  type (
     4  	// ElasticSearchACLsHandler Aiven go-client handler for Elastisearch ACLs
     5  	ElasticSearchACLsHandler struct {
     6  		client *Client
     7  	}
     8  
     9  	// ElasticsearchACLRequest Aiven API request
    10  	// https://api.aiven.io/v1/project/<project>/service/<service_name>/elasticsearch/acl
    11  	ElasticsearchACLRequest struct {
    12  		ElasticSearchACLConfig ElasticSearchACLConfig `json:"elasticsearch_acl_config"`
    13  	}
    14  
    15  	// ElasticSearchACLResponse Aiven API response
    16  	// https://api.aiven.io/v1/project/<project>/service/<service_name>/elasticsearch/acl
    17  	ElasticSearchACLResponse struct {
    18  		APIResponse
    19  		ElasticSearchACLConfig ElasticSearchACLConfig `json:"elasticsearch_acl_config"`
    20  	}
    21  
    22  	// ElasticSearchACLConfig represents a configuration for Elasticsearch ACLs
    23  	ElasticSearchACLConfig struct {
    24  		ACLs        []ElasticSearchACL `json:"acls"`
    25  		Enabled     bool               `json:"enabled"`
    26  		ExtendedAcl bool               `json:"extendedAcl"`
    27  	}
    28  
    29  	// ElasticSearchACL represents a ElasticSearch ACLs entry
    30  	ElasticSearchACL struct {
    31  		Rules    []ElasticsearchACLRule `json:"rules"`
    32  		Username string                 `json:"username"`
    33  	}
    34  
    35  	// ElasticsearchACLRule represents a ElasticSearch ACLs Rule entry
    36  	ElasticsearchACLRule struct {
    37  		Index      string `json:"index"`
    38  		Permission string `json:"permission"`
    39  	}
    40  )
    41  
    42  // Update updates Elasticsearch ACL config
    43  func (h *ElasticSearchACLsHandler) Update(project, service string, req ElasticsearchACLRequest) (*ElasticSearchACLResponse, error) {
    44  	path := buildPath("project", project, "service", service, "elasticsearch", "acl")
    45  	bts, err := h.client.doPutRequest(path, req)
    46  	if err != nil {
    47  		return nil, err
    48  	}
    49  
    50  	var r ElasticSearchACLResponse
    51  	errR := checkAPIResponse(bts, &r)
    52  
    53  	return &r, errR
    54  }
    55  
    56  // Get gets all existing Elasticsearch ACLs config
    57  func (h *ElasticSearchACLsHandler) Get(project, service string) (*ElasticSearchACLResponse, error) {
    58  	path := buildPath("project", project, "service", service, "elasticsearch", "acl")
    59  	bts, err := h.client.doGetRequest(path, nil)
    60  	if err != nil {
    61  		return nil, err
    62  	}
    63  
    64  	var r ElasticSearchACLResponse
    65  	errR := checkAPIResponse(bts, &r)
    66  
    67  	return &r, errR
    68  }
    69  
    70  // Delete subtracts ACL from already existing Elasticsearch ACLs config
    71  func (conf *ElasticSearchACLConfig) Delete(acl ElasticSearchACL) *ElasticSearchACLConfig {
    72  	for p, existingAcl := range conf.ACLs { // subtract ALC from existing ACLs config entry that supposed to be deleted
    73  		if acl.Username == existingAcl.Username {
    74  			for i := range existingAcl.Rules {
    75  				// remove ACL from existing ACLs list
    76  				for _, rule := range acl.Rules {
    77  					if existingAcl.Rules[i].Permission == rule.Permission && existingAcl.Rules[i].Index == rule.Index {
    78  						conf.ACLs[p].Rules = append(conf.ACLs[p].Rules[:i], conf.ACLs[p].Rules[i+1:]...)
    79  					}
    80  				}
    81  
    82  				// delete ACL item from ACLs list is there are not rules attached to it
    83  				if len(conf.ACLs[p].Rules) == 0 {
    84  					conf.ACLs = append(conf.ACLs[:p], conf.ACLs[p+1:]...)
    85  				}
    86  			}
    87  		}
    88  	}
    89  
    90  	return conf
    91  }
    92  
    93  // Add appends new ACL to already existing Elasticsearch ACLs config
    94  func (conf *ElasticSearchACLConfig) Add(acl ElasticSearchACL) *ElasticSearchACLConfig {
    95  	var userAlreadyExist bool
    96  	var userIndex int
    97  
    98  	// check what ACL rules we already have for a user, and if we find that rule already exists,
    99  	// remove it from a rules slice since there is no need of adding duplicates records to the ACL list
   100  	for p, existingAcl := range conf.ACLs {
   101  		if acl.Username == existingAcl.Username { // ACL record for this user already exists
   102  			userAlreadyExist = true
   103  			userIndex = p
   104  			for _, existingRule := range existingAcl.Rules {
   105  				for i, rule := range acl.Rules {
   106  					if existingRule.Permission == rule.Permission && existingRule.Index == rule.Index {
   107  						// remove rule since it already exists for this user
   108  						acl.Rules = append(acl.Rules[:i], acl.Rules[i+1:]...)
   109  					}
   110  				}
   111  			}
   112  		}
   113  	}
   114  
   115  	if len(acl.Rules) == 0 {
   116  		return conf // nothing to add to already existing ACL rules list for a user
   117  	}
   118  
   119  	// add to existing Elasticsearch ACL config new records
   120  	if userAlreadyExist {
   121  		conf.ACLs[userIndex].Rules = append(conf.ACLs[userIndex].Rules, acl.Rules...)
   122  	} else {
   123  		conf.ACLs = append(conf.ACLs, acl)
   124  	}
   125  
   126  	return conf
   127  }