Documentation
¶
Index ¶
Constants ¶
View Source
const ( PermBackendTypeDefault = iota + 1 PermBackendTypeSyncOnce ClusterPermNameView = "view" ClusterPermNameEdit = "edit" )
View Source
const ( ClusterProviderPlain = iota + 1 ClusterProviderBCS ClusterProviderFixture ClusterIdPrefixPlain = "plain-" ClusterIdPrefixBCS = "bcs-" )
View Source
const ( UserTokenTypeSession = iota + 1 UserTokenTypeKubeConfigForPaas UserTokenTypeKubeConfigPlain )
View Source
const (
ExternalUserSourceTypeBCS = iota + 1
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BCSClusterInfo ¶
type BCSClusterInfo struct {
ID uint `gorm:"primary_key"`
// ClusterId is a "one-to-one" field which connects this clsuterInfo to a bke cluster object
ClusterId string
SourceProjectId string `gorm:"size:32;unique_index:idx_source_cluster_project"`
SourceClusterId string `gorm:"size:100;unique_index:idx_source_cluster_project"`
ClusterType uint `gorm:""`
TkeClusterId string
TkeClusterRegion string
CreatedAt time.Time
}
type BackendCredentials ¶
type BackendCredentials map[string]interface{}
type Cluster ¶
type Cluster struct {
ID string `json:"id" gorm:"primary_key"`
// Provider field shows that which provider did this cluster belongs to, provider will determine the authorization
// procedure when someone tries to interact with this cluster, possible values:
//
// - plain: cluster with this provider can only be viewed or updated by its creator
// - bcs: user cann't interact with this cluster unless the "blueking PERM" service said "yes"
Provider uint `json:"provider"`
// CreatorId is the user_id of creator
CreatorId uint `json:"creator_id"`
// Identifier is a random string, it can be used for apiserver proxy tunnel URL address concatenation
Identifier string `json:"identifier" gorm:"size:128"`
CreatedAt time.Time `json:"created_at"`
}
type ClusterCredentials ¶
type ClusterCredentials struct {
ID uint `gorm:"primary_key"`
ClusterId string `gorm:"unique;not null"`
// ServerAddresses is all available apiserver addresses, separated by ";", for example: "https//x.com;http://y.com"
ServerAddresses string `gorm:"size:2048"`
CaCertData string `gorm:"size:4096"`
UserToken string `gorm:"size:2048"`
ClusterDomain string `gorm:"size:2048"`
CreatedAt time.Time
UpdatedAt time.Time
}
func (*ClusterCredentials) GetServerAddressesList ¶
func (c *ClusterCredentials) GetServerAddressesList() []string
GetServerAddressesList returns the apisrever list which was separated by ";"
type ExternalUserRecord ¶
type ExternalUserRecord struct {
ID uint
UserId uint
// There should be no duplicated external source/user pair in this table
// SourceType is a string => type+userID is unique
SourceType uint `gorm:"unique_index:idx_source_type_user_id"`
// user_type + user_id => bke user
SourceUserType string `gorm:"unique_index:idx_source_type_user_id"`
SourceUserId string `gorm:"unique_index:idx_source_type_user_id"`
CreatedAt time.Time
}
ExternalUserRecord stores the replationship between [bke internal user] and [user from external provider]
type RegisterToken ¶
type RegisterToken struct {
ID uint `json:"id" gorm:"primary_key"`
ClusterId string `json:"cluster_id" gorm:"unique;not null"`
Token string `json:"token" gorm:"size:256"`
CreatedAt time.Time `json:"created_at"`
}
RegisterToken was issued when one cluster agent want to register it's credential informations to bke-server
type TkeLbSubnet ¶
type User ¶
type User struct {
ID uint `gorm:"primary_key"`
Name string `gorm:"unique;not null"`
// A "super user" is a user who can create other users, this super user is often initialized by config file
IsSuperUser bool
CreatedAt time.Time
// These field startswith Backend* will be set by auth filters
BackendType string `gorm:"-"`
BackendCredentials BackendCredentials `gorm:"-"`
}
User is the internal user model for bke, when bke wants to be "connected" with other user systems like "blueking auth system", the external user credentials should always been transformed into internal bke user(and tokens).
type UserClusterPermission ¶
type UserClusterPermission struct {
ID uint `gorm:"primary_key"`
// Backend is where this permission comes from:
// - default: this permission was generated by bke itself
// - sync_once: this permission was synced from other sources, one cluster at a time
//
// The same user+cluster pair can have multiple perm records with different backends, the final permission check
// result will be caculated by the priority of different backends.
Backend int `gorm:"unique_index:idx_backend_user_cluster_id_name;default:1;"`
UserID uint `gorm:"unique_index:idx_backend_user_cluster_id_name"`
ClusterID string `gorm:"unique_index:idx_backend_user_cluster_id_name"`
Name string `gorm:"unique_index:idx_backend_user_cluster_id_name;size:16"`
// IsActive means if this permission is valid, the user does not have this permission when it's false,
// this field's purpose is to record the permission synchronize procedure even if the result is false
IsActive bool
UpdatedAt time.Time
CreatedAt time.Time
}
UserClusterPermission stores the user cluster permission
type UserToken ¶
type UserToken struct {
ID uint
UserId uint
Type uint
Value string `gorm:"unique;size:64"`
ExpiresAt time.Time
CreatedAt time.Time
}
UserToken is the token which can be used by tools like kubectl to connect to Kubernetes clusers.
func (*UserToken) HasExpired ¶
HasExpired mean that is this token has been expired
type WsClusterCredentials ¶
Source Files
Click to show internal directories.
Click to hide internal directories.