k2hr3-api 1.0.25 → 1.0.27
- package/ChangeLog +12 -0
- package/lib/k2hr3dkc.js +230 -59
- package/lib/k2hr3tokens.js +94 -60
- package/package.json +5 -5
- package/routes/tenant.js +120 -39
- package/routes/userTokens.js +77 -126
- package/tests/auto_tenant.js +119 -8
- package/tests/auto_usertokens.js +6 -6
- package/tests/manual_tenant_delete.js +46 -12
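--- a/package/ChangeLog
+++ b/package/ChangeLog
@@ -1,3 +1,15 @@
+k2hr3-api (1.0.27) unstable; urgency=low
+
+* Updated TENANT API and fixed bugs in TENANT API - #104
+
+-- Takeshi Nakatani <ggtakec@gmail.com> Tue, 25 Jul 2023 16:16:10 +0900
+
+k2hr3-api (1.0.26) unstable; urgency=low
+
+* Added response object members in userToken GET API - #102
+
+-- Takeshi Nakatani <ggtakec@gmail.com> Thu, 13 Jul 2023 09:11:09 +0900
+
 k2hr3-api (1.0.25) unstable; urgency=low
 
 * Added TENANT API for Local Tenant and updated etc - #100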
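--- a/package/lib/k2hr3dkc.js
+++ b/package/lib/k2hr3dkc.js
@@ -2226,8 +2226,80 @@ function rawRemoveUserFromTenant(dkcobj_permanent, tenant, user)
 }
 
 //---------------------------------------------------------
-// Common remove
+// Common remove local tenant
 //---------------------------------------------------------
+// tenant : tenant name
+// id : tenant id
+//
+// result : true/false
+//
+function rawRemoveLocalTenantEx(dkcobj_permanent, tenant, user, id)
+{
+if(!(dkcobj_permanent instanceof Object) || !dkcobj_permanent.isPermanent()){
+r3logger.elog('parameter dkcobj_permanent is not object or not permanent');
+return false;
+}
+
+if(!apiutil.isSafeStrings(tenant, user, id)){
+r3logger.elog('some parameters are wrong : tenant=' + JSON.stringify(tenant) + ', user=' + JSON.stringify(user) + ', id=' + JSON.stringify(id));
+return false;
+}
+
+//
+// Keys
+//
+var keys = r3keys(user, tenant);
+
+//
+// Check tenant name
+//
+if(0 !== tenant.indexOf(keys.VALUE_PREFIX_LOCAL_TENANT)){
+// Not have prefix("local@")
+r3logger.elog('tenant(' + tenant + ') must be start ' + keys.VALUE_PREFIX_LOCAL_TENANT + ' prefix for local tenant.');
+return false;
+}
+
+//
+// Find tenant
+//
+var result = rawFindTenantEx(dkcobj_permanent, tenant, user, id);
+if(!apiutil.isSafeEntity(result)){
+r3logger.elog('could not find tenant(' + tenant + ') with user=' + JSON.stringify(user) + ' and id=' + JSON.stringify(id));
+return false;
+}
+
+//
+// Check user in tenant user list
+//
+if(!apiutil.findStringInArray(result.users, user)){
+r3logger.elog('user(' + user + ') is not tenant(' + tenant + ') user member.');
+return false;
+}
+
+//
+// Remove all user from tenant
+//
+// [NOTE]
+// Deleting all users of a tenant automatically deletes the tenant.
+//
+var error = false;
+if(apiutil.isArray(result.users)){
+for(var cnt = 0; cnt < result.users.length; ++cnt){
+var delete_user_name = result.users[cnt].replace(keys.USER_TOP_KEY + ':', '');
+if(!rawRemoveUserFromLocalTenantEx(dkcobj_permanent, tenant, delete_user_name, id)){
+r3logger.elog('could not delete user(' + delete_user_name + ') from local tenant(' + tenant + '), id(' + id + '), but continue...');
+error = true;
+}
+}
+}
+if(error){
+r3logger.elog('failed to remove some user in local tenant.');
+return false;
+}
+
+return true;
+}
+
 // tenant : tenant name
 // user : user name
 // id : tenant id
@@ -2237,7 +2309,7 @@ function rawRemoveUserFromTenant(dkcobj_permanent, tenant, user)
 // message: null or error message
 // }
 //
-function
+function rawRemoveLocalTenant(tenant, user, id)
 {
 var resobj = {result: true, message: null};
 
@@ -2257,6 +2329,39 @@ function rawRemoveUserFromLocalTenant(tenant, user, id)
 return resobj;
 }
 
+if(!rawRemoveLocalTenantEx(dkcobj, tenant, user, id)){
+resobj.result = false;
+resobj.message = 'could not remove local tenant(' + JSON.stringify(tenant) + '), id(' + JSON.stringify(id) + ').';
+r3logger.elog(resobj.message);
+dkcobj.clean();
+return resobj;
+}
+dkcobj.clean();
+
+return resobj;
+}
+
+//---------------------------------------------------------
+// Common remove user from local tenant
+//---------------------------------------------------------
+// tenant : tenant name
+// user : user name
+// id : tenant id
+//
+// result : true/false
+//
+function rawRemoveUserFromLocalTenantEx(dkcobj_permanent, tenant, user, id)
+{
+if(!(dkcobj_permanent instanceof Object) || !dkcobj_permanent.isPermanent()){
+r3logger.elog('parameter dkcobj_permanent is not object or not permanent');
+return false;
+}
+
+if(!apiutil.isSafeStrings(tenant, user, id)){
+r3logger.elog('some parameters are wrong : tenant=' + JSON.stringify(tenant) + ', user=' + JSON.stringify(user) + ', id=' + JSON.stringify(id));
+return false;
+}
+
 //
 // Keys
 //
@@ -2267,53 +2372,81 @@ function rawRemoveUserFromLocalTenant(tenant, user, id)
 //
 if(0 !== tenant.indexOf(keys.VALUE_PREFIX_LOCAL_TENANT)){
 // Not have prefix("local@")
-
-
-r3logger.elog(resobj.message);
-dkcobj.clean();
-return resobj;
+r3logger.elog('tenant(' + tenant + ') must be start ' + keys.VALUE_PREFIX_LOCAL_TENANT + ' prefix for local tenant.');
+return false;
 }
 
 //
 // Find tenant
 //
-var result = rawFindTenantEx(
+var result = rawFindTenantEx(dkcobj_permanent, tenant, user, id);
 if(!apiutil.isSafeEntity(result)){
-
-
-r3logger.elog(resobj.message);
-dkcobj.clean();
-return resobj;
+r3logger.elog('could not find tenant(' + tenant + ') with user=' + JSON.stringify(user) + ' and id=' + JSON.stringify(id));
+return false;
 }
 
 //
 // Check user list in tenant
 //
 if(!apiutil.findStringInArray(result.users, user)){
-
-
-r3logger.elog(resobj.message);
-dkcobj.clean();
-return resobj;
+r3logger.elog('user(' + user + ') is not tenant(' + tenant + ') member.');
+return false;
 }
 
 //
 // Remove tenant from user
 //
-if(!rawRemoveTenantFromUser(
+if(!rawRemoveTenantFromUser(dkcobj_permanent, user, tenant)){
+r3logger.elog('failed to remove tenant(' + tenant + ') from user(' + user + ').');
+return false;
+}
+
+//
+// Remove user from tenant
+//
+// [NOTE]
+// If all users of a tenant disappear after deletion, the tenant is automatically deleted.
+//
+if(!rawRemoveUserFromTenant(dkcobj_permanent, tenant, user)){
+r3logger.elog('failed to remove user(' + user + ') from tenant(' + tenant + ').');
+return false;
+}
+
+return true;
+}
+
+// tenant : tenant name
+// user : user name
+// id : tenant id
+//
+// result {
+// result: true/false
+// message: null or error message
+// }
+//
+function rawRemoveUserFromLocalTenant(tenant, user, id)
+{
+var resobj = {result: true, message: null};
+
+if(!apiutil.isSafeStrings(tenant, user, id)){
 resobj.result = false;
-resobj.message = '
+resobj.message = 'some parameters are wrong : tenant=' + JSON.stringify(tenant) + ', user=' + JSON.stringify(user) + ', id=' + JSON.stringify(id);
+r3logger.elog(resobj.message);
+return resobj;
+}
+
+var dkcobj = k2hdkc(dkcconf, dkcport, dkccuk, true, false); // use permanent object(need to clean)
+if(!rawInitKeyHierarchy(dkcobj)){
+resobj.result = false;
+resobj.message = 'Not initialize yet, or configuration is not set';
 r3logger.elog(resobj.message);
 dkcobj.clean();
 return resobj;
 }
 
-
-// Remove user from tenant
-//
-if(!rawRemoveUserFromTenant(dkcobj, tenant, user)){
+if(!rawRemoveUserFromLocalTenantEx(dkcobj, tenant, user, id)){
 resobj.result = false;
-resobj.message = '
+resobj.message = 'could not remove user(' + JSON.stringify(user) + ') from tenant(' + JSON.stringify(tenant) + '), id(' + JSON.stringify(id) + ').';
 r3logger.elog(resobj.message);
 dkcobj.clean();
 return resobj;
@@ -2387,14 +2520,14 @@ function rawAddTenantToExistedUser(dkcobj_permanent, user, tenant)
 // id : tenant id, if user is specified(service is specified, do not need this)
 // desc : tenant description, if user is specified(service is specified, do not need this)
 // display : display name, if user is specified(service is specified, do not need this)
-//
+// tenant_users : tenant users in this tenant (this parameter is invalid if service is specified)
 //
 // [NOTE]
 // Both user and service can not be specified at same time.
 // This function create keys without resource/policy/role, you must be careful for service
 // case.
 //
-function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, display,
+function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, display, tenant_users)
 {
 if(!(dkcobj_permanent instanceof Object) || !dkcobj_permanent.isPermanent()){
 r3logger.elog('parameter dkcobj_permanent is not object or not permanent');
@@ -2420,10 +2553,10 @@ function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, di
 }
 service = null;
 
-if(apiutil.isEmptyArray(
-
+if(apiutil.isEmptyArray(tenant_users)){
+r3logger.elog('parameter is wrong : tenant_users=' + JSON.stringify(tenant_users));
+return false;
 }
-apiutil.tryAddStringToArray(other_users, user); // add user to other_users
 
 }else if(apiutil.isSafeString(service) && !apiutil.isSafeString(user)){
 //
@@ -2431,7 +2564,7 @@ function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, di
 //
 service = service.toLowerCase();
 user = null;
-
+tenant_users= null;
 }else{
 r3logger.elog('some parameters are wrong(both are empty or not empty) : service=' + JSON.stringify(service) + ', user=' + JSON.stringify(user));
 return false;
@@ -2661,32 +2794,42 @@ function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, di
 }
 
 //
-// Add
+// Add tenant users to tenant
 //
-
-
-
-
-
-
-continue;
-}
-// check new adding user
-if(apiutil.tryAddStringToArray(user_subkeylist, added_other_user)){
-user_subkeylist.sort();
-need_update_user_key = true;
-}
+var new_user_subkeylist = [];
+for(var cnt = 0; cnt < tenant_users.length; ++cnt){
+// add one tenant user
+var added_other_user = rawAddTenantToExistedUser(dkcobj_permanent, tenant_users[cnt], tenant);
+if(!apiutil.isSafeString(added_other_user)){
+continue;
 }
-//
-
-
-if(need_update_user_key){
-if(!dkcobj_permanent.setSubkeys(keys.TENANT_USER_KEY, user_subkeylist)){ // add subkey yrn:yahoo::::user:<user> -> yrn:yahoo:::<tenant>:user
-r3logger.elog('could not add ' + keys.USER_KEY + ' subkey under ' + keys.TENANT_USER_KEY + ' key');
-return false;
-}
+// check new adding user
+if(apiutil.tryAddStringToArray(new_user_subkeylist, added_other_user)){
+new_user_subkeylist.sort();
 }
 }
+
+//
+// Delete tenant users
+//
+for(cnt = 0; cnt < user_subkeylist.length; ++cnt){
+if(apiutil.findStringInArray(new_user_subkeylist, user_subkeylist[cnt])){
+continue;
+}
+// user does not in new tenant users
+var delete_user_name = user_subkeylist[cnt].replace(keys.USER_TOP_KEY + ':', '');
+if(!rawRemoveUserFromLocalTenantEx(dkcobj_permanent, tenant, delete_user_name, id)){
+r3logger.elog('could not delete user(' + delete_user_name + ') from tenant(' + tenant + '), id(' + id + '), but continue...');
+}
+}
+
+//
+// Re-update user key in tenant(always update...)
+//
+if(!dkcobj_permanent.setSubkeys(keys.TENANT_USER_KEY, new_user_subkeylist)){ // add subkey yrn:yahoo::::user:<user> -> yrn:yahoo:::<tenant>:user
+r3logger.elog('could not add ' + keys.USER_KEY + ' subkey under ' + keys.TENANT_USER_KEY + ' key');
+return false;
+}
 }
 
 //
@@ -2856,13 +2999,14 @@ function rawCheckTenantEnable(dkcobj_permanent, tenant, servicename)
 // id : tenant id
 // desc : tenant description
 // display : display name
-//
+// tenant_users : tenant users in this tenant (this parameter is invalid if service is specified)
+// is_replace_users: replace with tenant_users if this flag is true (default). if false, tenant_users will be added.
 //
 // [NOTE]
 // This function does not check the user is a member in tenant, then
 // you must check it before calling this function.
 //
-function rawCreateTenant(user, tenant, id, desc, display,
+function rawCreateTenant(user, tenant, id, desc, display, tenant_users, is_replace_users)
 {
 var resobj = {result: true, message: null};
 
@@ -2884,6 +3028,19 @@ function rawCreateTenant(user, tenant, id, desc, display, other_users)
 // to string
 id = String(id);
 }
+if(!apiutil.isArray(tenant_users) && !apiutil.isSafeString(tenant_users)){
+// tenant_users must be array or string
+//
+resobj.result = false;
+resobj.message = 'parameter is wrong : tenant_users=' + JSON.stringify(tenant_users);
+r3logger.elog(resobj.message);
+return resobj;
+}else if(!apiutil.isArray(tenant_users)){
+tenant_users = [tenant_users];
+}
+if('boolean' !== typeof is_replace_users){
+is_replace_users = true;
+}
 
 var dkcobj = k2hdkc(dkcconf, dkcport, dkccuk, true, false); // use permanent object(need to clean)
 if(!rawInitKeyHierarchy(dkcobj)){
@@ -2894,10 +3051,19 @@ function rawCreateTenant(user, tenant, id, desc, display, other_users)
 return resobj;
 }
 
+if(!is_replace_users){
+var findobj = rawFindTenantEx(dkcobj, tenant, user, id);
+if(apiutil.isSafeEntity(findobj)){
+// found tenant
+tenant_users = apiutil.mergeArray(tenant_users, apiutil.getSafeArray(findobj.users));
+tenant_users.sort();
+}
+}
+
 //
 // Create tenant top
 //
-if(!rawCreateTenantEx(dkcobj, user, tenant, null, id, desc, display,
+if(!rawCreateTenantEx(dkcobj, user, tenant, null, id, desc, display, tenant_users)){
 resobj.result = false;
 resobj.message = 'could not create tenant(' + tenant + ') with id(' + id + '), desc(' + JSON.stringify(desc) + '), display(' + JSON.stringify(display) + '), user(' + user + ')';
 r3logger.elog(resobj.message);
@@ -11783,12 +11949,12 @@ function rawCompareChildrenListName(child1, child2)
 //
 // These functions initializing tenant is without service.
 //
-exports.initTenant = function(tenantname, id, desc, display, user,
+exports.initTenant = function(tenantname, id, desc, display, user, tenant_users)
 {
 //
 // Must initialize service key before calling this if specified service parameter
 //
-return rawCreateTenant(user, tenantname, id, desc, display,
+return rawCreateTenant(user, tenantname, id, desc, display, tenant_users, true);
 };
 
 exports.initUser = function(user, id, username, tenant)
@@ -11801,7 +11967,7 @@ exports.initUserTenant = function(user, userid, username, tenant, tenantid, tena
 //
 // Must initialize service key before calling this if specified service parameter
 //
-var resobj = rawCreateTenant(user, tenant, tenantid, tenantdesc, tenantdisplay);
+var resobj = rawCreateTenant(user, tenant, tenantid, tenantdesc, tenantdisplay, user, false);
 if(resobj.result){
 resobj = rawCreateUser(user, userid, username, tenant);
 }
@@ -11823,6 +11989,11 @@ exports.removeUserFromLocalTenant = function(tenant, user, id)
 return rawRemoveUserFromLocalTenant(tenant, user, id);
 };
 
+exports.removeLocalTenant = function(tenant, user, id)
+{
+return rawRemoveLocalTenant(tenant, user, id);
+};
+
 exports.getUserId = function(username)
 {
 return rawGetUserId(username);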
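Review bot: In the rawCreateTenantEx hunk that introduces `new_user_subkeylist`, a `tenant_users` entry for which `rawAddTenantToExistedUser` fails is skipped with `continue`, and the "Delete tenant users" loop then removes every existing member that is not in `new_user_subkeylist`, so a failed add for a current member ends up revoking that member. A failed removal is only logged ("but continue...") and `setSubkeys` is still called with the new list, which can leave a user that still references the tenant while the tenant no longer lists that user. I would record the failure at the `continue` (`add_failed = true;`) and stop before the delete loop with `if(add_failed){ return false; }`, and treat a failed removal the same way instead of overwriting the list. The body of rawCreateTenantEx starts and ends outside this hunk, so whether a caller already validates `tenant_users` against existing users cannot be seen here.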
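--- a/package/lib/k2hr3tokens.js
+++ b/package/lib/k2hr3tokens.js
@@ -639,16 +639,19 @@ function rawRemoveScopedUserToken(token)
 //
 // result : null or token information
 // {
-// role:
-// user:
-// hostname:
-// ip:
-// port:
-// cuk:
-// extra:
-// tenant:
-//
-//
+// role: role name
+// user: user name
+// hostname: always null
+// ip: always null
+// port: always 0
+// cuk: always null
+// extra: always null
+// tenant: tenant name
+// display: display alias name for tenant
+// id: tenant id string
+// description: description for tenant
+// scoped: role token is always scoped(true)
+// region: when user token, the creator region name of the token
 // }
 //
 function rawCheckUserToken(token)
@@ -1747,16 +1750,19 @@ function rawGetDirectRoleTokenInfo(dkcobj_permanent, tokens)
 //
 // result : null or token information
 // {
-// role:
-// user:
-// hostname:
-// ip:
-// port:
-// cuk:
-// extra:
-// tenant:
-//
-//
+// role: role name
+// user: null or user name
+// hostname: null or host name
+// ip: null or ip address
+// port: port number(if host is existed), 0 means any
+// cuk: cuk(allowed null)
+// extra: extra(allowed null)
+// tenant: tenant name
+// display: display alias name for tenant
+// id: tenant id string
+// description: description for tenant
+// scoped: role token is always scoped(true)
+// region: role token is always null
 // }
 //
 function rawCheckRoleToken(token, ip, port, cuk, is_strict)
@@ -1828,6 +1834,12 @@ function rawCheckRoleToken(token, ip, port, cuk, is_strict)
 return null;
 }
 
+// Get tenant information
+var tenant_keys = r3keys(null, value.tenant);
+value.display = apiutil.getSafeString(dkcobj.getValue(tenant_keys.TENANT_DISP_KEY, null, true, null));
+value.id = apiutil.getSafeString(dkcobj.getValue(tenant_keys.TENANT_ID_KEY, null, true, null));
+value.description = apiutil.getSafeString(dkcobj.getValue(tenant_keys.TENANT_DESC_KEY, null, true, null));
+
 // compare ip address, if they are specified and token is not created by user
 if(!apiutil.isSafeString(value.user)){
 if(!apiutil.isSafeString(ip) || ip !== value.ip){
@@ -1909,17 +1921,20 @@ function rawCheckRoleToken(token, ip, port, cuk, is_strict)
 }
 
 // make result
-var token_info
-token_info.role
-token_info.user
-token_info.hostname
-token_info.ip
-token_info.port
-token_info.cuk
-token_info.extra
-token_info.tenant
-token_info.
-token_info.
+var token_info = {};
+token_info.role = value.role;
+token_info.user = value.user;
+token_info.hostname = value.hostname; // hostname
+token_info.ip = value.ip;
+token_info.port = value.port;
+token_info.cuk = value.cuk;
+token_info.extra = value.extra;
+token_info.tenant = value.tenant;
+token_info.display = value.display;
+token_info.id = value.id;
+token_info.description = value.description;
+token_info.scoped = true; // role token is always scoped
+token_info.region = null;
 
 return token_info;
 }
@@ -2152,10 +2167,19 @@ function rawGetUserTenantByToken(token)
 dkcobj.clean();
 return null;
 }
-var
-var
-
-
+var user_name = apiutil.getSafeString(matches[1]);
+var tenant_name = apiutil.getSafeString(matches[2]);
+var tenant_display = null;
+var tenant_id = null;
+var tenant_desc = null;
+
+if('' === tenant_name){
+tenant_name = null;
+}else{
+var tenant_keys = r3keys(user_name, tenant_name);
+tenant_display = apiutil.getSafeString(dkcobj.getValue(tenant_keys.TENANT_DISP_KEY, null, true, null));
+tenant_id = apiutil.getSafeString(dkcobj.getValue(tenant_keys.TENANT_ID_KEY, null, true, null));
+tenant_desc = apiutil.getSafeString(dkcobj.getValue(tenant_keys.TENANT_DESC_KEY, null, true, null));
 }
 
 // if token has seed, need to check seed
@@ -2168,20 +2192,21 @@ function rawGetUserTenantByToken(token)
 //
 //r3logger.dlog('token key(' + user_token_key + ') has seed.');
 
-var vres = osapi.verifyUserToken(
+var vres = osapi.verifyUserToken(user_name, tenant_name, token, token_seed);
 if(!vres.result){
 r3logger.elog('failed to verify token(' + token + ') with seed by ' + vres.message);
 return null;
 }
 }
 
-/* eslint-disable indent, no-mixed-spaces-and-tabs */
 var result = {
-
-
-
-
-
+user: user_name,
+tenant: tenant_name,
+display: tenant_display,
+id: tenant_id,
+description: tenant_desc,
+region: region
+};
 
 return result;
 }
@@ -2191,8 +2216,10 @@ function rawGetUserTenantByToken(token)
 //---------------------------------------------------------
 // result [
 // {
-// name:
-// display:
+// name: "tenant name", => tenant name which is "key" in k2hdkc
+// display: "display tenant name" => display alias name for tenant
+// id: "tenant id" => tenant id string
+// description: "tenant description" => description for tenant
 // },
 // ...
 // ]
@@ -2245,13 +2272,15 @@ function rawGetTenantListByUserWithDkc(dkcobj_permanent, user)
 var tenant_list = new Array(0);
 for(cnt = 0; cnt < name_list.length; ++cnt){
 var tenant_keys = r3keys(user, name_list[cnt]);
-var
-
-
-
+var tenant_display = apiutil.getSafeString(dkcobj_permanent.getValue(tenant_keys.TENANT_DISP_KEY, null, true, null));
+var tenant_id = apiutil.getSafeString(dkcobj_permanent.getValue(tenant_keys.TENANT_ID_KEY, null, true, null));
+var tenant_desc = apiutil.getSafeString(dkcobj_permanent.getValue(tenant_keys.TENANT_DESC_KEY, null, true, null));
+
 tenant_list.push({
 name: name_list[cnt],
-display:
+display: tenant_display,
+id: tenant_id,
+description: tenant_desc
 });
 }
 
@@ -2260,8 +2289,10 @@ function rawGetTenantListByUserWithDkc(dkcobj_permanent, user)
 
 // result [
 // {
-// name:
-// display:
+// name: "tenant name", => tenant name which is "key" in k2hdkc
+// display: "display tenant name" => display alias name for tenant
+// id: "tenant id" => tenant id string
+// description: "tenant description" => description for tenant
 // },
 // ...
 // ]
@@ -2429,15 +2460,18 @@ function rawCheckTenantInTenantList(tenants, tenant)
 //
 // token is following:
 // {
-// role:
-// user:
-// hostname:
-// ip:
-// port:
-// cuk:
-// extra:
-// tenant:
-//
+// role: role name
+// user: null or user name
+// hostname: null or host name
+// ip: null or host ip address
+// port: port number(if host is existed), 0 means any
+// cuk: cuk(allowed null)
+// extra: extra(allowed null)
+// tenant: tenant name
+// display: display alias name for tenant
+// id: tenant id string
+// description: description for tenant
+// scoped: role token is always scoped(true)
 // }
 
 function rawCheckToken(req, is_scoped, is_user)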
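Review bot: In the rawCheckRoleToken hunk that adds `// Get tenant information`, the three `dkcobj.getValue` lookups run before the ip/port/cuk comparison that follows, so tenant display, id and description are fetched for tokens that may still be rejected. Moving that block to just above `// make result` would limit the extra reads to tokens that passed every check, assuming nothing in between reads `value.display`, `value.id` or `value.description` (that code is outside the hunks). The same three lookups are repeated in rawGetUserTenantByToken, where they also run ahead of `osapi.verifyUserToken`, and in rawGetTenantListByUserWithDkc. A small helper that takes the dkc object and `tenant_keys` and returns the three fields would keep the copies consistent.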