go/src/v.io/x/sensorlog/internal/measure/syncgroup.go - release.projects.sensorlog - Git at Google

 // Copyright 2015 The Vanadium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // Measured methods for syncgroup management.

 package measure

 import (
 	"fmt"

 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/security/access"
 	nosql_wire "v.io/v23/services/syncbase/nosql"
 	"v.io/v23/syncbase/nosql"
 	"v.io/v23/verror"
 	"v.io/x/sensorlog_lite/internal/config"
 	"v.io/x/sensorlog_lite/internal/sbutil"
 )

 // InitSyncGroup creates the syncgroup for the measuring device devId, giving
 // full configuration access to admin. The syncgroup uses sgPublishSb and
 // sgMountTables for publishing (create/join) and syncing, respectively.
 // InitSyncGroup must not be called concurrently for the same devId, or
 // retried with different parameters for the same devId, otherwise behaviour
 // is unspecified.
 func InitSyncGroup(ctx *context.T, db nosql.Database, devId, admin, sgPublishSb string, sgMountTables []string) error {
 	sgName := config.SyncGroupName(sgPublishSb, devId)
 	// Check for syncgroup. If it already exists, we have nothing to do.
 	if sgs, err := db.GetSyncGroupNames(ctx); err != nil {
 		return err
 	} else {
 		for _, sg := range sgs {
 			if sg == sgName {
 				return nil
 			}
 		}
 	}

 	// Both measured and admin client have full permissions on the syncgroup.
 	sgAcl := access.Permissions{}
 	sbutil.AddPermsForPrincipal(&sgAcl, v23.GetPrincipal(ctx), access.AllTypicalTags()...)
 	sbutil.AddPermsForPattern(&sgAcl, admin, access.AllTypicalTags()...)

 	// Maps all syncgroup prefixes to ACLs.
 	prefixSpec := make(map[nosql_wire.SyncGroupPrefix]access.Permissions)

 	// StreamDef : <devId>
 	// Admin client has full permissions, measured drops to readonly.
 	prefixStreamDef := nosql_wire.SyncGroupPrefix{
 		TableName: config.StreamDefTable,
 		RowPrefix: devId,
 	}
 	aclStreamDef := access.Permissions{}
 	sbutil.AddPermsForPrincipal(&aclStreamDef, v23.GetPrincipal(ctx), access.Resolve, access.Read)
 	sbutil.AddPermsForPattern(&aclStreamDef, admin, access.AllTypicalTags()...)
 	prefixSpec[prefixStreamDef] = aclStreamDef

 	var prefixes []nosql_wire.SyncGroupPrefix
 	// Apply prefix ACLs to all syncgroup prefixes.
 	for prefix, prefixAcl := range prefixSpec {
 		// Ignore ErrNoAccess, assume we already dropped permissions.
 		err := db.Table(prefix.TableName).SetPrefixPermissions(ctx, nosql.Prefix(prefix.RowPrefix), prefixAcl)
 		if err != nil && verror.ErrorID(err) != verror.ErrNoAccess.ID {
 			return err
 		}
 		prefixes = append(prefixes, prefix)
 	}

 	sgSpec := nosql_wire.SyncGroupSpec{
 		Description: fmt.Sprintf("measured-main-%s", devId),
 		Perms:       sgAcl,
 		Prefixes:    prefixes,
 		MountTables: sgMountTables,
 	}
 	sgMemberInfo := nosql_wire.SyncGroupMemberInfo{SyncPriority: config.SyncPriority}

 	return db.SyncGroup(sgName).Create(ctx, sgSpec, sgMemberInfo)
 }
	// Copyright 2015 The Vanadium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// Measured methods for syncgroup management.

	package measure

	import (
	"fmt"

	"v.io/v23"
	"v.io/v23/context"
	"v.io/v23/security/access"
	nosql_wire "v.io/v23/services/syncbase/nosql"
	"v.io/v23/syncbase/nosql"
	"v.io/v23/verror"
	"v.io/x/sensorlog_lite/internal/config"
	"v.io/x/sensorlog_lite/internal/sbutil"
	)

	// InitSyncGroup creates the syncgroup for the measuring device devId, giving
	// full configuration access to admin. The syncgroup uses sgPublishSb and
	// sgMountTables for publishing (create/join) and syncing, respectively.
	// InitSyncGroup must not be called concurrently for the same devId, or
	// retried with different parameters for the same devId, otherwise behaviour
	// is unspecified.
	func InitSyncGroup(ctx *context.T, db nosql.Database, devId, admin, sgPublishSb string, sgMountTables []string) error {
	sgName := config.SyncGroupName(sgPublishSb, devId)
	// Check for syncgroup. If it already exists, we have nothing to do.
	if sgs, err := db.GetSyncGroupNames(ctx); err != nil {
	return err
	} else {
	for _, sg := range sgs {
	if sg == sgName {
	return nil
	}
	}
	}

	// Both measured and admin client have full permissions on the syncgroup.
	sgAcl := access.Permissions{}
	sbutil.AddPermsForPrincipal(&sgAcl, v23.GetPrincipal(ctx), access.AllTypicalTags()...)
	sbutil.AddPermsForPattern(&sgAcl, admin, access.AllTypicalTags()...)

	// Maps all syncgroup prefixes to ACLs.
	prefixSpec := make(map[nosql_wire.SyncGroupPrefix]access.Permissions)

	// StreamDef : <devId>
	// Admin client has full permissions, measured drops to readonly.
	prefixStreamDef := nosql_wire.SyncGroupPrefix{
	TableName: config.StreamDefTable,
	RowPrefix: devId,
	}
	aclStreamDef := access.Permissions{}
	sbutil.AddPermsForPrincipal(&aclStreamDef, v23.GetPrincipal(ctx), access.Resolve, access.Read)
	sbutil.AddPermsForPattern(&aclStreamDef, admin, access.AllTypicalTags()...)
	prefixSpec[prefixStreamDef] = aclStreamDef

	var prefixes []nosql_wire.SyncGroupPrefix
	// Apply prefix ACLs to all syncgroup prefixes.
	for prefix, prefixAcl := range prefixSpec {
	// Ignore ErrNoAccess, assume we already dropped permissions.
	err := db.Table(prefix.TableName).SetPrefixPermissions(ctx, nosql.Prefix(prefix.RowPrefix), prefixAcl)
	if err != nil && verror.ErrorID(err) != verror.ErrNoAccess.ID {
	return err
	}
	prefixes = append(prefixes, prefix)
	}

	sgSpec := nosql_wire.SyncGroupSpec{
	Description: fmt.Sprintf("measured-main-%s", devId),
	Perms: sgAcl,
	Prefixes: prefixes,
	MountTables: sgMountTables,
	}
	sgMemberInfo := nosql_wire.SyncGroupMemberInfo{SyncPriority: config.SyncPriority}

	return db.SyncGroup(sgName).Create(ctx, sgSpec, sgMemberInfo)
	}