Merge pull request #7958 from heyitsanthony/perm-prefix

etcdctl: improve role --prefix flag
etcd-io · May 22, 2017 · f75e333 · f75e333
2 parents 378bac7 + 2f1467c
commit f75e333
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 32 deletions.
diff --git a/etcdctl/README.md b/etcdctl/README.md
@@ -961,25 +961,42 @@ RPC: RoleGrantPermission
 
 #### Options
 
+- from-key -- grant a permission of keys that are greater than or equal to the given key using byte compare
+
 - prefix -- grant a prefix permission
 
-#### Ouptut
+#### Output
 
 `Role <role name> updated`.
 
 #### Examples
 
+Grant read and write permission on the key `foo` to role `myrole`:
+
 ```bash
 ./etcdctl --user=root:123 role grant-permission myrole readwrite foo
 # Role myrole updated
 ```
 
+Grant read permission on the wildcard key pattern `foo/*` to role `myrole`:
+
+```bash
+./etcdctl --user=root:123 role grant-permission --prefix myrole readwrite foo/
+# Role myrole updated
+```
+
 ### ROLE REVOKE-PERMISSION \<role name\> \<permission type\> \<key\> [endkey]
 
 `role revoke-permission` revokes a key from a role.
 
 RPC: RoleRevokePermission
 
+#### Options
+
+- from-key -- revoke a permission of keys that are greater than or equal to the given key using byte compare
+
+- prefix -- revoke a prefix permission
+
 #### Output
 
 `Permission of key <key> is revoked from role <role name>` for single key. `Permission of range [<key>, <endkey>) is revoked from role <role name>` for a key range. Exit code is zero.

diff --git a/etcdctl/ctlv3/command/role_command.go b/etcdctl/ctlv3/command/role_command.go
@@ -23,8 +23,8 @@ import (
 )
 
 var (
-	grantPermissionPrefix bool
-	permFromKey           bool
+	rolePermPrefix  bool
+	rolePermFromKey bool
 )
 
 // NewRoleCommand returns the cobra command for "role".
@@ -83,8 +83,8 @@ func newRoleGrantPermissionCommand() *cobra.Command {
 		Run:   roleGrantPermissionCommandFunc,
 	}
 
-	cmd.Flags().BoolVar(&grantPermissionPrefix, "prefix", false, "grant a prefix permission")
-	cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
+	cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "grant a prefix permission")
+	cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
 
 	return cmd
 }
@@ -96,7 +96,8 @@ func newRoleRevokePermissionCommand() *cobra.Command {
 		Run:   roleRevokePermissionCommandFunc,
 	}
 
-	cmd.Flags().BoolVar(&permFromKey, "from-key", false, "grant a permission of keys that are greater than or equal to the given key using byte compare")
+	cmd.Flags().BoolVar(&rolePermPrefix, "prefix", false, "revoke a prefix permission")
+	cmd.Flags().BoolVar(&rolePermFromKey, "from-key", false, "revoke a permission of keys that are greater than or equal to the given key using byte compare")
 
 	return cmd
 }
@@ -169,27 +170,10 @@ func roleGrantPermissionCommandFunc(cmd *cobra.Command, args []string) {
 		ExitWithError(ExitBadArgs, err)
 	}
 
-	rangeEnd := ""
-	if 4 <= len(args) {
-		if grantPermissionPrefix {
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --prefix option and range end to grant permission command"))
-		}
-
-		if permFromKey {
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and range end to grant permission command"))
-		}
-
-		rangeEnd = args[3]
-	} else if grantPermissionPrefix {
-		if permFromKey {
-			ExitWithError(ExitBadArgs, fmt.Errorf("don't pass both of --from-key option and --prefix option to grant permission command"))
-		}
-
-		rangeEnd = clientv3.GetPrefixRangeEnd(args[2])
-	} else if permFromKey {
-		rangeEnd = "\x00"
+	rangeEnd, rerr := rangeEndFromPermFlags(args[2:])
+	if rerr != nil {
+		ExitWithError(ExitBadArgs, rerr)
 	}
-
 	resp, err := mustClientFromCmd(cmd).Auth.RoleGrantPermission(context.TODO(), args[0], args[2], rangeEnd, perm)
 	if err != nil {
 		ExitWithError(ExitError, err)
@@ -204,16 +188,36 @@ func roleRevokePermissionCommandFunc(cmd *cobra.Command, args []string) {
 		ExitWithError(ExitBadArgs, fmt.Errorf("role revoke-permission command requires role name and key [endkey] as its argument."))
 	}
 
-	rangeEnd := ""
-	if 3 <= len(args) {
-		rangeEnd = args[2]
-	} else if permFromKey {
-		rangeEnd = "\x00"
+	rangeEnd, rerr := rangeEndFromPermFlags(args[1:])
+	if rerr != nil {
+		ExitWithError(ExitBadArgs, rerr)
 	}
-
 	resp, err := mustClientFromCmd(cmd).Auth.RoleRevokePermission(context.TODO(), args[0], args[1], rangeEnd)
 	if err != nil {
 		ExitWithError(ExitError, err)
 	}
 	display.RoleRevokePermission(args[0], args[1], rangeEnd, *resp)
 }
+
+func rangeEndFromPermFlags(args []string) (string, error) {
+	if len(args) == 1 {
+		if rolePermPrefix {
+			if rolePermFromKey {
+				return "", fmt.Errorf("--from-key and --prefix flags are mutually exclusive")
+			}
+			return clientv3.GetPrefixRangeEnd(args[0]), nil
+		}
+		if rolePermFromKey {
+			return "\x00", nil
+		}
+		// single key case
+		return "", nil
+	}
+	if rolePermPrefix {
+		return "", fmt.Errorf("unexpected endkey argument with --prefix flag")
+	}
+	if rolePermFromKey {
+		return "", fmt.Errorf("unexpected endkey argument with --from-key flag")
+	}
+	return args[1], nil
+}