-
Notifications
You must be signed in to change notification settings - Fork 0
/
internal-functions
executable file
·121 lines (100 loc) · 3.61 KB
/
internal-functions
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
cmd-acl-report-all() {
declare desc="displays a acl report for one or more apps"
local cmd="acl:report"
local APP="$1" INFO_FLAG="$2"
local INSTALLED_APPS
if [[ -n "$APP" ]] && [[ "$APP" == --* ]]; then
INFO_FLAG="$APP"
APP=""
fi
if [[ -z "$APP" ]] && [[ -z "$INFO_FLAG" ]]; then
INFO_FLAG="true"
fi
if [[ -z "$APP" ]]; then
INSTALLED_APPS=$(dokku_apps)
for app in $INSTALLED_APPS; do
cmd-acl-report-single "$app" "$INFO_FLAG" | tee || true
done
else
cmd-acl-report-single "$APP" "$INFO_FLAG"
fi
}
cmd-acl-report-single() {
declare APP="$1" INFO_FLAG="$2"
if [[ "$INFO_FLAG" == "true" ]]; then
INFO_FLAG=""
fi
verify_app_name "$APP"
local flag_map=(
"--acl-allowed-users: $(ls -1 "$DOKKU_ROOT/$APP/acl" >&2 2>/dev/null || true)"
"--acl-global-allow-command-line: $DOKKU_ACL_ALLOW_COMMAND_LINE"
"--acl-global-super-user: $DOKKU_SUPER_USER"
"--acl-global-user-commands: $DOKKU_ACL_USER_COMMANDS"
"--acl-global-per-app-commands: $DOKKU_ACL_PER_APP_COMMANDS"
)
if [[ -z "$INFO_FLAG" ]]; then
dokku_log_info2_quiet "${APP} acl information"
for flag in "${flag_map[@]}"; do
key="$(echo "${flag#--}" | cut -f1 -d' ' | tr - ' ')"
dokku_log_verbose "$(printf "%-30s %-25s" "${key^}" "${flag#*: }")"
done
else
local match=false; local value_exists=false
for flag in "${flag_map[@]}"; do
valid_flags="${valid_flags} $(echo "$flag" | cut -d':' -f1)"
if [[ "$flag" == "${INFO_FLAG}:"* ]]; then
value=${flag#*: }
size="${#value}"
if [[ "$size" -ne 0 ]]; then
echo "$value" && match=true && value_exists=true
else
match=true
fi
fi
done
[[ "$match" == "true" ]] || dokku_log_fail "Invalid flag passed, valid flags:${valid_flags}"
[[ "$value_exists" == "true" ]] || dokku_log_fail "not deployed"
fi
}
fn-acl-check-app() {
declare APP="$1"
verify_app_name "$APP"
if [[ -n "${NAME:-}" ]]; then
dokku_log_fail "You can only modify ACL using local dokku command on target host"
fi
}
fn-acl-check-service() {
declare SERVICE_TYPE="$1" SERVICE="$2"
local SERVICE_PATH="$DOKKU_LIB_ROOT/services/$SERVICE_TYPE/$SERVICE"
if ! [[ -d $SERVICE_PATH ]]; then
dokku_log_fail "Service $SERVICE of type $SERVICE_TYPE does not exist"
fi
if [[ -n "${NAME:-}" ]]; then
dokku_log_fail "You can only modify ACL using local dokku command on target host"
fi
}
fn-check-app-acl() {
declare desc="Checks if the current user has an ACL entry for the app"
declare APP="$1" SSH_NAME="$2"
local ACL_FILE="$DOKKU_ROOT/$APP/acl/$SSH_NAME"
if ! ( verify_app_name "$APP" 2>/dev/null ); then
dokku_log_fail "User $SSH_NAME does not have permissions to run $CMD on $APP, or $APP does not exist"
fi
[[ -f "$ACL_FILE" ]] && return 0
dokku_log_fail "User $SSH_NAME does not have permissions to run $CMD on $APP, or $APP does not exist"
}
fn-check-service-acl() {
declare desc="Checks if the current user has an ACL entry for the service"
declare CMD="$1" SERVICE="$2" SSH_NAME="$3"
local SERVICE_TYPE="${CMD%%:*}"
local SERVICE_PATH="$DOKKU_LIB_ROOT/services/$SERVICE_TYPE/$SERVICE"
local ACL_FILE="$SERVICE_PATH/acl/$SSH_NAME"
if ! [[ -d $SERVICE_PATH ]]; then
dokku_log_fail "User $SSH_NAME does not have permissions to run $CMD on $SERVICE, or $SERVICE does not exist"
fi
[[ -f "$ACL_FILE" ]] && return 0
dokku_log_fail "User $SSH_NAME does not have permissions to run $CMD on $SERVICE, or $SERVICE does not exist"
}