forked from TrueCloudLab/distribution
ac05d143d8
Signed-off-by: Yu Wang <yuwa@microsoft.com>
254 lines
6.7 KiB
Go
254 lines
6.7 KiB
Go
package storage
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/url"
|
|
"strconv"
|
|
"time"
|
|
)
|
|
|
|
// AzureTable is the typedef of the Azure Table name
|
|
type AzureTable string
|
|
|
|
const (
|
|
tablesURIPath = "/Tables"
|
|
)
|
|
|
|
type createTableRequest struct {
|
|
TableName string `json:"TableName"`
|
|
}
|
|
|
|
// TableAccessPolicy are used for SETTING table policies
|
|
type TableAccessPolicy struct {
|
|
ID string
|
|
StartTime time.Time
|
|
ExpiryTime time.Time
|
|
CanRead bool
|
|
CanAppend bool
|
|
CanUpdate bool
|
|
CanDelete bool
|
|
}
|
|
|
|
func pathForTable(table AzureTable) string { return fmt.Sprintf("%s", table) }
|
|
|
|
func (c *TableServiceClient) getStandardHeaders() map[string]string {
|
|
return map[string]string{
|
|
"x-ms-version": "2015-02-21",
|
|
"x-ms-date": currentTimeRfc1123Formatted(),
|
|
"Accept": "application/json;odata=nometadata",
|
|
"Accept-Charset": "UTF-8",
|
|
"Content-Type": "application/json",
|
|
userAgentHeader: c.client.userAgent,
|
|
}
|
|
}
|
|
|
|
// QueryTables returns the tables created in the
|
|
// *TableServiceClient storage account.
|
|
func (c *TableServiceClient) QueryTables() ([]AzureTable, error) {
|
|
uri := c.client.getEndpoint(tableServiceName, tablesURIPath, url.Values{})
|
|
|
|
headers := c.getStandardHeaders()
|
|
headers["Content-Length"] = "0"
|
|
|
|
resp, err := c.client.execInternalJSON(http.MethodGet, uri, headers, nil, c.auth)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer resp.body.Close()
|
|
|
|
if err := checkRespCode(resp.statusCode, []int{http.StatusOK}); err != nil {
|
|
ioutil.ReadAll(resp.body)
|
|
return nil, err
|
|
}
|
|
|
|
buf := new(bytes.Buffer)
|
|
if _, err := buf.ReadFrom(resp.body); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var respArray queryTablesResponse
|
|
if err := json.Unmarshal(buf.Bytes(), &respArray); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
s := make([]AzureTable, len(respArray.TableName))
|
|
for i, elem := range respArray.TableName {
|
|
s[i] = AzureTable(elem.TableName)
|
|
}
|
|
|
|
return s, nil
|
|
}
|
|
|
|
// CreateTable creates the table given the specific
|
|
// name. This function fails if the name is not compliant
|
|
// with the specification or the tables already exists.
|
|
func (c *TableServiceClient) CreateTable(table AzureTable) error {
|
|
uri := c.client.getEndpoint(tableServiceName, tablesURIPath, url.Values{})
|
|
|
|
headers := c.getStandardHeaders()
|
|
|
|
req := createTableRequest{TableName: string(table)}
|
|
buf := new(bytes.Buffer)
|
|
|
|
if err := json.NewEncoder(buf).Encode(req); err != nil {
|
|
return err
|
|
}
|
|
|
|
headers["Content-Length"] = fmt.Sprintf("%d", buf.Len())
|
|
|
|
resp, err := c.client.execInternalJSON(http.MethodPost, uri, headers, buf, c.auth)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer readAndCloseBody(resp.body)
|
|
|
|
if err := checkRespCode(resp.statusCode, []int{http.StatusCreated}); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// DeleteTable deletes the table given the specific
|
|
// name. This function fails if the table is not present.
|
|
// Be advised: DeleteTable deletes all the entries
|
|
// that may be present.
|
|
func (c *TableServiceClient) DeleteTable(table AzureTable) error {
|
|
uri := c.client.getEndpoint(tableServiceName, tablesURIPath, url.Values{})
|
|
uri += fmt.Sprintf("('%s')", string(table))
|
|
|
|
headers := c.getStandardHeaders()
|
|
|
|
headers["Content-Length"] = "0"
|
|
|
|
resp, err := c.client.execInternalJSON(http.MethodDelete, uri, headers, nil, c.auth)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer readAndCloseBody(resp.body)
|
|
|
|
if err := checkRespCode(resp.statusCode, []int{http.StatusNoContent}); err != nil {
|
|
return err
|
|
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetTablePermissions sets up table ACL permissions as per REST details https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Table-ACL
|
|
func (c *TableServiceClient) SetTablePermissions(table AzureTable, policies []TableAccessPolicy, timeout uint) (err error) {
|
|
params := url.Values{"comp": {"acl"}}
|
|
|
|
if timeout > 0 {
|
|
params.Add("timeout", fmt.Sprint(timeout))
|
|
}
|
|
|
|
uri := c.client.getEndpoint(tableServiceName, string(table), params)
|
|
headers := c.client.getStandardHeaders()
|
|
|
|
body, length, err := generateTableACLPayload(policies)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
headers["Content-Length"] = fmt.Sprintf("%v", length)
|
|
|
|
resp, err := c.client.execInternalJSON(http.MethodPut, uri, headers, body, c.auth)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer readAndCloseBody(resp.body)
|
|
|
|
if err := checkRespCode(resp.statusCode, []int{http.StatusNoContent}); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func generateTableACLPayload(policies []TableAccessPolicy) (io.Reader, int, error) {
|
|
sil := SignedIdentifiers{
|
|
SignedIdentifiers: []SignedIdentifier{},
|
|
}
|
|
for _, tap := range policies {
|
|
permission := generateTablePermissions(&tap)
|
|
signedIdentifier := convertAccessPolicyToXMLStructs(tap.ID, tap.StartTime, tap.ExpiryTime, permission)
|
|
sil.SignedIdentifiers = append(sil.SignedIdentifiers, signedIdentifier)
|
|
}
|
|
return xmlMarshal(sil)
|
|
}
|
|
|
|
// GetTablePermissions gets the table ACL permissions, as per REST details https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-table-acl
|
|
func (c *TableServiceClient) GetTablePermissions(table AzureTable, timeout int) (permissionResponse []TableAccessPolicy, err error) {
|
|
params := url.Values{"comp": {"acl"}}
|
|
|
|
if timeout > 0 {
|
|
params.Add("timeout", strconv.Itoa(timeout))
|
|
}
|
|
|
|
uri := c.client.getEndpoint(tableServiceName, string(table), params)
|
|
headers := c.client.getStandardHeaders()
|
|
resp, err := c.client.execInternalJSON(http.MethodGet, uri, headers, nil, c.auth)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer resp.body.Close()
|
|
|
|
if err = checkRespCode(resp.statusCode, []int{http.StatusOK}); err != nil {
|
|
ioutil.ReadAll(resp.body)
|
|
return nil, err
|
|
}
|
|
|
|
var ap AccessPolicy
|
|
err = xmlUnmarshal(resp.body, &ap.SignedIdentifiersList)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
out := updateTableAccessPolicy(ap)
|
|
return out, nil
|
|
}
|
|
|
|
func updateTableAccessPolicy(ap AccessPolicy) []TableAccessPolicy {
|
|
out := []TableAccessPolicy{}
|
|
for _, policy := range ap.SignedIdentifiersList.SignedIdentifiers {
|
|
tap := TableAccessPolicy{
|
|
ID: policy.ID,
|
|
StartTime: policy.AccessPolicy.StartTime,
|
|
ExpiryTime: policy.AccessPolicy.ExpiryTime,
|
|
}
|
|
tap.CanRead = updatePermissions(policy.AccessPolicy.Permission, "r")
|
|
tap.CanAppend = updatePermissions(policy.AccessPolicy.Permission, "a")
|
|
tap.CanUpdate = updatePermissions(policy.AccessPolicy.Permission, "u")
|
|
tap.CanDelete = updatePermissions(policy.AccessPolicy.Permission, "d")
|
|
|
|
out = append(out, tap)
|
|
}
|
|
return out
|
|
}
|
|
|
|
func generateTablePermissions(tap *TableAccessPolicy) (permissions string) {
|
|
// generate the permissions string (raud).
|
|
// still want the end user API to have bool flags.
|
|
permissions = ""
|
|
|
|
if tap.CanRead {
|
|
permissions += "r"
|
|
}
|
|
|
|
if tap.CanAppend {
|
|
permissions += "a"
|
|
}
|
|
|
|
if tap.CanUpdate {
|
|
permissions += "u"
|
|
}
|
|
|
|
if tap.CanDelete {
|
|
permissions += "d"
|
|
}
|
|
return permissions
|
|
}
|