GitHub user jihuayu added a comment to the discussion: ACL Proposal
@PragmaTwice @git-hulk @caipengbo Thank you for your feedback.
> Is version necessary? Could you explain a bit about it?
@PragmaTwice Version is not required; it’s just reserved for possible future
needs. Some external management apps can use this field to identify versions
more easily. I think reserving this field now will save us trouble if new
requirements arise later. If you think it's unnecessary, it OK to remove it.
@git-hulk I have updated the struct design. It will be more clearly.
```C++
struct aclSelector {
uint32_t flags; // SELECTOR_FLAG_ALLKEYS, ALLCHANNELS, ALLCOMMANDS, etc.
std::vector<uint64_t> allowed_commands; // Command permission bitmap, size
= USER_COMMAND_BITS_COUNT / 64
std::vector<uint32_t> allowed_category; // Command category permission
bitmap, size = USER_CATEGORY_BITS_COUNT / 32
std::vector<std::string> patterns; // List of key patterns
std::vector<std::string> channels; // List of channel patterns
};
struct aclUser {
bool enabled; // Whether the user is enabled
std::vector<aclSelector> allowed_commands; // The first is the root
selector, the rest are regular selectors
std::set<std::string> passwords; // Set of passwords, stored as sha256
hashes. Nopass if set is empty
uint64_t version; // Version number
};
```
> Can you elaborate a bit on how we're going to serialize the sector
> information?
The "redis ACL SETUSER commands string" is the string used in the ACL SETUSER
command. It’s the reverse process of parsing the ACL SETUSER command. In other
words, SETUSER deserializes the string into a permission entity. The permission
entity can be serialized back into the ACL SETUSER commands string.
Example:
Suppose we have a permission entity like:
````plaintext
user = "alice"
permissions = ["+@all", "~*"]
passwords = ["<sha256-password1>","<sha256-password2>"]
````
The corresponding ACL SETUSER command string would be:
````plaintext
ACL SETUSER alice on #<sha256-password1> #<sha256-password2> +@all ~*
````
GitHub link:
https://github.com/apache/kvrocks/discussions/3234#discussioncomment-14788425
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]
