yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/aliyun/dbinstance_account.go (about) 1 // Copyright 2019 Yunion 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package aliyun 16 17 import ( 18 "fmt" 19 20 "yunion.io/x/pkg/errors" 21 22 api "yunion.io/x/cloudmux/pkg/apis/compute" 23 "yunion.io/x/cloudmux/pkg/cloudprovider" 24 "yunion.io/x/cloudmux/pkg/multicloud" 25 ) 26 27 type SDatabasePrivileges struct { 28 DatabasePrivilege []SDatabasePrivilege 29 } 30 31 type SDBInstanceAccount struct { 32 multicloud.SDBInstanceAccountBase 33 AliyunTags 34 instance *SDBInstance 35 36 AccountDescription string 37 AccountName string 38 AccountStatus string 39 AccountType string 40 DBInstanceId string 41 DatabasePrivileges SDatabasePrivileges 42 PrivExceeded string 43 } 44 45 func (account *SDBInstanceAccount) GetName() string { 46 return account.AccountName 47 } 48 49 func (account *SDBInstanceAccount) Delete() error { 50 return account.instance.region.DeleteDBInstanceAccount(account.DBInstanceId, account.AccountName) 51 } 52 53 func (account *SDBInstanceAccount) RevokePrivilege(database string) error { 54 return account.instance.region.RevokeDBInstancePrivilege(account.DBInstanceId, account.AccountName, database) 55 } 56 57 func (region *SRegion) RevokeDBInstancePrivilege(instanceId, account, database string) error { 58 params := map[string]string{ 59 "DBInstanceId": instanceId, 60 "AccountName": account, 61 "DBName": database, 62 } 63 _, err := region.rdsRequest("RevokeAccountPrivilege", params) 64 return err 65 } 66 67 func (account *SDBInstanceAccount) GrantPrivilege(database, privilege string) error { 68 return account.instance.region.GrantDBInstancePrivilege(account.DBInstanceId, account.AccountName, database, privilege) 69 } 70 71 func (region *SRegion) GrantDBInstancePrivilege(instanceId, account, database, privilege string) error { 72 params := map[string]string{ 73 "DBInstanceId": instanceId, 74 "AccountName": account, 75 "DBName": database, 76 } 77 switch privilege { 78 case api.DATABASE_PRIVILEGE_R: 79 params["AccountPrivilege"] = "ReadOnly" 80 case api.DATABASE_PRIVILEGE_RW: 81 params["AccountPrivilege"] = "ReadWrite" 82 case api.DATABASE_PRIVILEGE_DDL: 83 params["AccountPrivilege"] = "DDLOnly" 84 case api.DATABASE_PRIVILEGE_DML: 85 params["AccountPrivilege"] = "DMLOnly" 86 case api.DATABASE_PRIVILEGE_OWNER: 87 params["AccountPrivilege"] = "DBOwner" 88 default: 89 return fmt.Errorf("Unknown privilege [%s]", privilege) 90 } 91 _, err := region.rdsRequest("GrantAccountPrivilege", params) 92 return err 93 } 94 95 func (account *SDBInstanceAccount) ResetPassword(password string) error { 96 return account.instance.region.ResetDBInstanceAccountPassword(account.DBInstanceId, account.AccountName, password, account.AccountType) 97 } 98 99 func (region *SRegion) ResetDBInstanceAccountPassword(instanceId, account, password, accountType string) error { 100 action := "ResetAccountPassword" 101 if accountType == "Super" { 102 action = "ResetAccount" 103 } 104 params := map[string]string{ 105 "DBInstanceId": instanceId, 106 "AccountName": account, 107 "AccountPassword": password, 108 } 109 _, err := region.rdsRequest(action, params) 110 return err 111 } 112 113 func (account *SDBInstanceAccount) GetStatus() string { 114 switch account.AccountStatus { 115 case "Available": 116 return api.DBINSTANCE_USER_AVAILABLE 117 case "Unavailable": 118 return api.DBINSTANCE_USER_UNAVAILABLE 119 } 120 return account.AccountStatus 121 } 122 123 func (account *SDBInstanceAccount) GetIDBInstanceAccountPrivileges() ([]cloudprovider.ICloudDBInstanceAccountPrivilege, error) { 124 privileves := []cloudprovider.ICloudDBInstanceAccountPrivilege{} 125 for i := 0; i < len(account.DatabasePrivileges.DatabasePrivilege); i++ { 126 account.DatabasePrivileges.DatabasePrivilege[i].account = account 127 privileves = append(privileves, &account.DatabasePrivileges.DatabasePrivilege[i]) 128 } 129 return privileves, nil 130 } 131 132 func (region *SRegion) GetDBInstanceAccounts(instanceId string, offset int, limit int) ([]SDBInstanceAccount, int, error) { 133 if limit > 50 || limit <= 0 { 134 limit = 50 135 } 136 params := map[string]string{ 137 "RegionId": region.RegionId, 138 "PageSize": fmt.Sprintf("%d", limit), 139 "PageNumber": fmt.Sprintf("%d", (offset/limit)+1), 140 "DBInstanceId": instanceId, 141 } 142 body, err := region.rdsRequest("DescribeAccounts", params) 143 if err != nil { 144 return nil, 0, errors.Wrap(err, "DescribeAccounts") 145 } 146 accounts := []SDBInstanceAccount{} 147 err = body.Unmarshal(&accounts, "Accounts", "DBInstanceAccount") 148 if err != nil { 149 return nil, 0, errors.Wrap(err, "Unmarshal") 150 } 151 total, _ := body.Int("TotalRecordCount") 152 return accounts, int(total), nil 153 } 154 155 func (region *SRegion) DeleteDBInstanceAccount(instanceId string, accountName string) error { 156 params := map[string]string{ 157 "RegionId": region.RegionId, 158 "DBInstanceId": instanceId, 159 "AccountName": accountName, 160 } 161 162 _, err := region.rdsRequest("DeleteAccount", params) 163 return err 164 } 165 166 func (region *SRegion) CreateDBInstanceAccount(instanceId string, name string, password string, desc string) error { 167 params := map[string]string{ 168 "RegionId": region.RegionId, 169 "DBInstanceId": instanceId, 170 "AccountName": name, 171 "AccountPassword": password, 172 "AccountDescription": desc, 173 } 174 175 _, err := region.rdsRequest("CreateAccount", params) 176 return err 177 178 }