From ceee0bf2f497537058659e98479fb40faaa84812 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emmanuel=20Beno=C3=AEt?= Date: Sat, 13 Feb 2021 18:26:37 +0100 Subject: [PATCH] Minor stylistic changes --- config.go | 50 +++++++++++++++++++++++++------------------------- graylog.go | 46 +++++++++++++++++++++++----------------------- ldap.go | 24 ++++++++++++------------ 3 files changed, 60 insertions(+), 60 deletions(-) diff --git a/config.go b/config.go index 6e24009..bdfd93e 100644 --- a/config.go +++ b/config.go @@ -13,11 +13,11 @@ type ( * */ // LDAP server configuration - LdapConfig struct { - Host string - Port uint16 - Tls string - TlsNoVerify bool `yaml:"tls_skip_verify"` + ldapConfig struct { + Host string `yaml:"host"` + Port uint16 `yaml:"port"` + TLS string `yaml:"tls"` + TLSNoVerify bool `yaml:"tls_skip_verify"` CaChain string `yaml:"cachain"` BindUser string `yaml:"bind_user"` BindPassword string `yaml:"bind_password"` @@ -26,39 +26,39 @@ type ( } // Graylog server configuration - GraylogConfig struct { - ApiBase string `yaml:"api_base"` + graylogConfig struct { + APIBase string `yaml:"api_base"` Username string Password string DeleteAccounts bool `yaml:"delete_accounts"` } // A Graylog object on which privileges are defined - GraylogObject struct { - Type string - Id string - Level string + graylogObject struct { + Type string `yaml:"type"` + ID string `yaml:"id"` + Level string `yaml:"level"` } // A mapping from a LDAP group to a set of privileges - GroupPrivileges struct { + groupPrivileges struct { Roles []string - Privileges []GraylogObject + Privileges []graylogObject } // All group mappings - GroupMapping map[string]GroupPrivileges + groupMapping map[string]groupPrivileges // The whole configuration - Configuration struct { - Ldap LdapConfig - Graylog GraylogConfig - Mapping GroupMapping + configuration struct { + LDAP ldapConfig + Graylog graylogConfig + Mapping groupMapping } ) // Check group/privilege mapping configuration -func checkPrivMapping(cfg GroupMapping, log *logrus.Entry) { +func checkPrivMapping(cfg groupMapping, log *logrus.Entry) { for group, info := range cfg { log := log.WithField("group", group) for index, priv := range info.Privileges { @@ -76,7 +76,7 @@ func checkPrivMapping(cfg GroupMapping, log *logrus.Entry) { } // Load and check the configuration file -func loadConfiguration(flags cliFlags) (configuration Configuration) { +func loadConfiguration(flags cliFlags) (cfg configuration) { log := log.WithField("config", flags.cfgFile) log.Trace("Loading configuration") cfgData, err := ioutil.ReadFile(flags.cfgFile) @@ -84,17 +84,17 @@ func loadConfiguration(flags cliFlags) (configuration Configuration) { log.WithField("error", err).Fatal("Could not load configuration") } - configuration = Configuration{ - Ldap: LdapConfig{ + cfg = configuration{ + LDAP: ldapConfig{ Port: 389, - Tls: "no", + TLS: "no", }, } - err = yaml.Unmarshal(cfgData, &configuration) + err = yaml.Unmarshal(cfgData, &cfg) if err != nil { log.WithField("error", err).Fatal("Could not parse configuration") } - checkPrivMapping(configuration.Mapping, log) + checkPrivMapping(cfg.Mapping, log) return } diff --git a/graylog.go b/graylog.go index 343a852..4d52328 100644 --- a/graylog.go +++ b/graylog.go @@ -13,15 +13,15 @@ import ( type ( // A Graylog user and associated roles - GraylogUser struct { + graylogUser struct { Username string Roles []string } // The response obtained when querying the Graylog server for a list of users. - GlUsers struct { + graylogUsers struct { Users []struct { - GraylogUser + graylogUser External bool } } @@ -53,16 +53,16 @@ var ( ) // Execute a Graylog API request, returning the status code and the body -func executeApiCall(cfg GraylogConfig, method string, path string, data io.Reader) (status int, body []byte) { +func executeAPICall(cfg graylogConfig, method string, path string, data io.Reader) (status int, body []byte) { log := log.WithFields(logrus.Fields{ - "base": cfg.ApiBase, + "base": cfg.APIBase, "username": cfg.Username, "method": method, "path": path, }) log.Trace("Executing Graylog API call") client := &http.Client{} - request, err := http.NewRequest(method, fmt.Sprintf("%s/%s", cfg.ApiBase, path), data) + request, err := http.NewRequest(method, fmt.Sprintf("%s/%s", cfg.APIBase, path), data) if err != nil { log.WithField("error", err).Fatal("Could not create HTTP request") } @@ -86,22 +86,22 @@ func executeApiCall(cfg GraylogConfig, method string, path string, data io.Reade } // Get the list of Graylog users that have been imported from LDAP -func getGraylogUsers(configuration GraylogConfig) (users []GraylogUser) { +func getGraylogUsers(configuration graylogConfig) (users []graylogUser) { log.Trace("Getting users from the Graylog API") - status, body := executeApiCall(configuration, "GET", "users", nil) + status, body := executeAPICall(configuration, "GET", "users", nil) if status != 200 { log.WithField("status", status).Fatal("Could not read users") } - data := GlUsers{} + data := graylogUsers{} if err := json.Unmarshal(body, &data); err != nil { log.WithField("error", err).Fatal("Could not parse Graylog's user list") } - users = make([]GraylogUser, 0) + users = make([]graylogUser, 0) for _, item := range data.Users { if item.External { - users = append(users, item.GraylogUser) + users = append(users, item.graylogUser) } } log.WithField("users", len(users)).Info("Obtained users from the Graylog API") @@ -109,7 +109,7 @@ func getGraylogUsers(configuration GraylogConfig) (users []GraylogUser) { } // List groups an user is a member of. -func getUserGroups(user string, membership GroupMembers) (groups []string) { +func getUserGroups(user string, membership ldapGroupMembers) (groups []string) { groups = make([]string, 0) for group, members := range membership { for _, member := range members { @@ -123,7 +123,7 @@ func getUserGroups(user string, membership GroupMembers) (groups []string) { } // Compute roles that should apply to an user -func computeRoles(mapping GroupMapping, membership []string) (roles []string) { +func computeRoles(mapping groupMapping, membership []string) (roles []string) { rset := make(map[string]bool) for _, group := range membership { for _, role := range mapping[group].Roles { @@ -141,7 +141,7 @@ func computeRoles(mapping GroupMapping, membership []string) (roles []string) { } // Compute privileges on Graylog objects that should be granted to an user -func computePrivileges(mapping GroupMapping, membership []string) (privileges []string) { +func computePrivileges(mapping groupMapping, membership []string) (privileges []string) { type privInfo struct { otp, oid string priv int @@ -149,7 +149,7 @@ func computePrivileges(mapping GroupMapping, membership []string) (privileges [] rset := make(map[string]privInfo) for _, group := range membership { for _, priv := range mapping[group].Privileges { - key := fmt.Sprintf("%s:%s", priv.Type, priv.Id) + key := fmt.Sprintf("%s:%s", priv.Type, priv.ID) record, ok := rset[key] level := privLevels[priv.Level] if ok && level <= record.priv { @@ -157,7 +157,7 @@ func computePrivileges(mapping GroupMapping, membership []string) (privileges [] } if !ok { record.otp = priv.Type - record.oid = priv.Id + record.oid = priv.ID } record.priv = level rset[key] = record @@ -176,10 +176,10 @@ func computePrivileges(mapping GroupMapping, membership []string) (privileges [] } // Delete a Graylog user account -func deleteAccount(cfg GraylogConfig, user string) { +func deleteAccount(cfg graylogConfig, user string) { log := log.WithField("user", user) log.Warning("Deleting Graylog account") - code, body := executeApiCall(cfg, "DELETE", fmt.Sprintf("/users/%s", user), nil) + code, body := executeAPICall(cfg, "DELETE", fmt.Sprintf("/users/%s", user), nil) if code != 204 { log.WithFields(logrus.Fields{ "status": code, @@ -207,7 +207,7 @@ func getDifference(a []string, b []string) (diff []string) { } // Set an account's roles and grant it access to Graylog objects -func setUserPrivileges(cfg GraylogConfig, user GraylogUser, roles []string, privileges []string) { +func setUserPrivileges(cfg graylogConfig, user graylogUser, roles []string, privileges []string) { log := log.WithField("user", user.Username) type perms struct { @@ -219,7 +219,7 @@ func setUserPrivileges(cfg GraylogConfig, user GraylogUser, roles []string, priv log.WithField("error", err).Fatal("Unable to generate permissions JSON") } log.WithField("privileges", privileges).Info("Setting permissions") - code, body := executeApiCall(cfg, "PUT", + code, body := executeAPICall(cfg, "PUT", fmt.Sprintf("users/%s/permissions", user.Username), bytes.NewBuffer(data)) if code != 204 { @@ -233,7 +233,7 @@ func setUserPrivileges(cfg GraylogConfig, user GraylogUser, roles []string, priv for _, role := range getDifference(roles, user.Roles) { ep := fmt.Sprintf("roles/%s/members/%s", role, user.Username) log.WithField("role", role).Info("Adding role") - code, body := executeApiCall(cfg, "PUT", ep, placeholder) + code, body := executeAPICall(cfg, "PUT", ep, placeholder) if code != 204 { log.WithFields(logrus.Fields{ "status": code, @@ -245,7 +245,7 @@ func setUserPrivileges(cfg GraylogConfig, user GraylogUser, roles []string, priv for _, role := range getDifference(user.Roles, roles) { ep := fmt.Sprintf("roles/%s/members/%s", role, user.Username) log.WithField("role", role).Info("Removing role") - code, body := executeApiCall(cfg, "DELETE", ep, nil) + code, body := executeAPICall(cfg, "DELETE", ep, nil) if code != 204 { log.WithFields(logrus.Fields{ "status": code, @@ -257,7 +257,7 @@ func setUserPrivileges(cfg GraylogConfig, user GraylogUser, roles []string, priv } // Apply privilege mappings to the external Graylog users -func applyMapping(cfg Configuration, users []GraylogUser, groups GroupMembers) { +func applyMapping(cfg configuration, users []graylogUser, groups ldapGroupMembers) { for _, user := range users { log := log.WithField("user", user.Username) membership := getUserGroups(user.Username, groups) diff --git a/ldap.go b/ldap.go index 1b2eb84..e8ccfee 100644 --- a/ldap.go +++ b/ldap.go @@ -17,28 +17,28 @@ type ( ldapConn struct { conn *ldap.Conn log *logrus.Entry - cfg LdapConfig + cfg ldapConfig usernames map[string]string counter uint } // LDAP group members - GroupMembers map[string][]string + ldapGroupMembers map[string][]string ) // Establish a connection to the LDAP server -func getLdapConnection(cfg LdapConfig) *ldapConn { +func getLdapConnection(cfg ldapConfig) *ldapConn { dest := fmt.Sprintf("%s:%d", cfg.Host, cfg.Port) log := log.WithFields(logrus.Fields{ "ldap_server": dest, - "ldap_tls": cfg.Tls, + "ldap_tls": cfg.TLS, }) log.Trace("Establishing LDAP connection") tlsConfig := &tls.Config{ - InsecureSkipVerify: cfg.TlsNoVerify, + InsecureSkipVerify: cfg.TLSNoVerify, } - if cfg.Tls != "no" && cfg.CaChain != "" { + if cfg.TLS != "no" && cfg.CaChain != "" { log := log.WithField("cachain", cfg.CaChain) data, err := ioutil.ReadFile(cfg.CaChain) if err != nil { @@ -53,7 +53,7 @@ func getLdapConnection(cfg LdapConfig) *ldapConn { var err error var lc *ldap.Conn - if cfg.Tls == "yes" { + if cfg.TLS == "yes" { lc, err = ldap.DialTLS("tcp", dest, tlsConfig) } else { lc, err = ldap.Dial("tcp", dest) @@ -62,7 +62,7 @@ func getLdapConnection(cfg LdapConfig) *ldapConn { log.WithField("error", err).Fatal("Failed to connect to the LDAP server") } - if cfg.Tls == "starttls" { + if cfg.TLS == "starttls" { err = lc.StartTLS(tlsConfig) if err != nil { lc.Close() @@ -201,11 +201,11 @@ func (conn *ldapConn) getGroupMembers(group string) (members []string) { } // Read the list of group members from the LDAP server for all groups in the mapping section. -func readLdapGroups(configuration Configuration) GroupMembers { - conn := getLdapConnection(configuration.Ldap) +func readLdapGroups(cfg configuration) ldapGroupMembers { + conn := getLdapConnection(cfg.LDAP) defer conn.close() - groups := make(GroupMembers) - for group := range configuration.Mapping { + groups := make(ldapGroupMembers) + for group := range cfg.Mapping { groups[group] = conn.getGroupMembers(group) } return groups