public static void ImportToEtcd(KeyValueData data)
{
string etcdUrl = $"http://{data.EtcdHost}:{data.EtcdPort}";
$"Import to etcd {etcdUrl}".OutUnderline();
using (var client = new EtcdClient(etcdUrl))
{
"Replace key-value tree".OutUnderline();
client.DeleteRange("cfg/");
foreach (var kv in data.Tree)
{
kv.Key.Out();
client.Put(kv.Key, kv.Value);
}
"Delete users & roles".OutUnderline();
var users = client
.UserList(new Etcdserverpb.AuthUserListRequest())
.Users
.ToList();
foreach (var name in users)
{
if (name != "root")
{
var reqDelUsr = new Etcdserverpb.AuthUserDeleteRequest()
{
Name = name
};
client.UserDelete(reqDelUsr);
$"User {name} deleted".Out();
}
}
var roles = client
.RoleList(new Etcdserverpb.AuthRoleListRequest())
.Roles
.ToList();
foreach (var name in roles)
{
if (name != "root")
{
var reqDelRole = new Etcdserverpb.AuthRoleDeleteRequest()
{
Role = name
};
client.RoleDelete(reqDelRole);
$"Role {name} deleted".Out();
}
}
"Create roles".OutUnderline();
int i = 0;
var rolesDic = new Dictionary <string, string>(); // access vs role_name
data.Users
.Select(x => x.Access)
.Distinct()
.ToList()
.ForEach(x =>
{
string roleName = $"role{++i}";
var reqRoleAdd = new Etcdserverpb.AuthRoleAddRequest()
{
Name = roleName
};
client.RoleAdd(reqRoleAdd);
$"Role {roleName} created".Out();
var reqAddPerm = new Etcdserverpb.AuthRoleGrantPermissionRequest()
{
Name = roleName,
Perm = new Authpb.Permission()
{
Key = Google.Protobuf.ByteString.CopyFromUtf8($"cfg/{x}"),
RangeEnd = Google.Protobuf.ByteString.CopyFromUtf8($"cfg/{x}"),
PermType = Authpb.Permission.Types.Type.Read
}
};
client.RoleGrantPermission(reqAddPerm);
$"Readonly access to cfg/{x} granted".Out();
reqAddPerm = new Etcdserverpb.AuthRoleGrantPermissionRequest()
{
Name = roleName,
Perm = new Authpb.Permission()
{
Key = Google.Protobuf.ByteString.CopyFromUtf8($"app/{x}"),
RangeEnd = Google.Protobuf.ByteString.CopyFromUtf8($"app/{x}"),
PermType = Authpb.Permission.Types.Type.Readwrite
}
};
client.RoleGrantPermission(reqAddPerm);
$"Readwrite access to app/{x} granted".Out();
rolesDic[x] = roleName;
});
"Create users and grant roles".OutUnderline();
foreach (var user in data.Users)
{
var reqAddUsr = new Etcdserverpb.AuthUserAddRequest()
{
Name = user.Name,
Password = user.Password
};
client.UserAdd(reqAddUsr);
$"User {user.Name} created".Out();
var reqGrantRole = new Etcdserverpb.AuthUserGrantRoleRequest()
{
User = user.Name,
Role = rolesDic[user.Access]
};
client.UserGrantRole(reqGrantRole);
$"Access to {user.Access} granted ({rolesDic[user.Access]})".Out();
}
}
}