Documentation ¶
Index ¶
- Constants
- func NewObjectSet(resources Resources) expression.ObjectSetInterface
- type Action
- type ActionPolicy
- type Application
- type ApplicationAction
- type ApplicationActionForApply
- type ApplicationActionListForApply
- type ApplicationRelatedResourceType
- type ApplicationRelatedResourceTypeWithName
- type ApplicationResourceInstance
- type ApplicationResourceInstanceWithName
- type ApplicationResourceNode
- type ApplicationResourceNodeWithName
- type H
- type IAM
- func (i *IAM) BatchIsAllowed(request Request, resourcesList []Resources) (result map[string]bool, err error)
- func (i *IAM) BatchResourceMultiActionsAllowed(request MultiActionRequest, resourcesList []Resources) (results map[string]map[string]bool, err error)
- func (i *IAM) GenPermissionApplyData(a ApplicationActionListForApply) (data H, err error)
- func (i *IAM) GetApplyURL(application Application, bkToken string, bkUsername string) (url string, err error)
- func (i *IAM) GetToken() (token string, err error)
- func (i *IAM) IsAllowed(request Request) (allowed bool, err error)
- func (i *IAM) IsAllowedWithCache(request Request, ttl time.Duration) (allowed bool, err error)
- func (i *IAM) IsBasicAuthAllowed(username, password string) (err error)
- func (i *IAM) ResourceMultiActionsAllowed(request MultiActionRequest) (result map[string]bool, err error)
- type MultiActionRequest
- type Request
- type ResourceNode
- type Resources
- type Subject
Constants ¶
const Version = "v0.0.7"
Variables ¶
This section is empty.
Functions ¶
func NewObjectSet ¶
func NewObjectSet(resources Resources) expression.ObjectSetInterface
NewObjectSet create an ObjectSet from resources
Types ¶
type Action ¶
type Action struct {
ID string `json:"id" binding:"required"`
}
Action is the action of permission
type ActionPolicy ¶
type ActionPolicy struct { Action Action `json:"action"` Condition expression.ExprCell `json:"condition"` }
ActionPolicy is the response struct
type Application ¶
type Application struct { SystemID string `json:"system_id"` Actions []ApplicationAction `json:"actions"` }
Application is the application for permission
func NewApplication ¶
func NewApplication(system string, actions []ApplicationAction) Application
NewApplication will create the application
func (*Application) Validate ¶
func (a *Application) Validate() error
Validate will check if the application is valid
type ApplicationAction ¶
type ApplicationAction struct { ID string `json:"id"` RelatedResourceTypes []ApplicationRelatedResourceType `json:"related_resource_types"` }
ApplicationAction is the action for application
func NewApplicationAction ¶
func NewApplicationAction(id string, rrt []ApplicationRelatedResourceType) ApplicationAction
NewApplicationAction will create the application action
func (*ApplicationAction) Validate ¶
func (aa *ApplicationAction) Validate() error
Validate will check if the application action is valid
type ApplicationActionForApply ¶
type ApplicationActionForApply struct { ID string `json:"id" binding:"required"` Name string `json:"name" binding:"required"` RelatedResourceTypes []ApplicationRelatedResourceTypeWithName `json:"related_resource_types"` }
ApplicationActionForApply is the action for apply
type ApplicationActionListForApply ¶
type ApplicationActionListForApply struct { SystemID string `json:"system_id" binding:"required"` SystemName string `json:"system_name" binding:"required"` Actions []ApplicationActionForApply `json:"actions" binding:"required"` }
ApplicationActionListForApply is the action list for apply
type ApplicationRelatedResourceType ¶
type ApplicationRelatedResourceType struct { SystemID string `json:"system_id"` Type string `json:"type"` Instances []ApplicationResourceInstance `json:"instances"` }
ApplicationRelatedResourceType is the related resource type for application
func (*ApplicationRelatedResourceType) Validate ¶
func (arr *ApplicationRelatedResourceType) Validate() error
Validate will check if the application related resource type is valid
type ApplicationRelatedResourceTypeWithName ¶
type ApplicationRelatedResourceTypeWithName struct { SystemID string `json:"system_id" binding:"required"` SystemName string `json:"system_name" binding:"required"` Type string `json:"type" binding:"required"` TypeName string `json:"type_name" binding:"required"` Instances []ApplicationResourceInstanceWithName `json:"instances" binding:"required"` }
ApplicationRelatedResourceTypeWithName is the related resource type with names
type ApplicationResourceInstance ¶
type ApplicationResourceInstance []ApplicationResourceNode
ApplicationResourceInstance is the resource instance for application
type ApplicationResourceInstanceWithName ¶
type ApplicationResourceInstanceWithName []ApplicationResourceNodeWithName
ApplicationResourceInstanceWithName is the resource instance for application, which with the names of each field
type ApplicationResourceNode ¶
type ApplicationResourceNode struct { Type string `json:"type" binding:"required"` ID string `json:"id" binding:"required"` }
ApplicationResourceNode is the resourc node struct for application
type ApplicationResourceNodeWithName ¶
type ApplicationResourceNodeWithName struct { Type string `json:"type" binding:"required"` TypeName string `json:"type_name" binding:"required"` ID string `json:"id" binding:"required"` Name string `json:"name" binding:"required"` }
ApplicationResourceNodeWithName is the resourc node struct for application, which with the names of each field
type IAM ¶
type IAM struct {
// contains filtered or unexported fields
}
IAM is the instance of iam sdk
func NewAPIGatewayIAM ¶ added in v0.0.5
NewAPIGatewayIAM will create an IAM instance, call all api through APIGateway if your TencentBlueking has a APIGateway, use this, recommend
func NewIAM ¶
NewIAM will create an IAM instance if your TencentBlueking has a APIGateway, use NewAPIGatewayIAM
func (*IAM) BatchIsAllowed ¶
func (i *IAM) BatchIsAllowed(request Request, resourcesList []Resources) (result map[string]bool, err error)
BatchIsAllowed will batch check the permission for resources lists
func (*IAM) BatchResourceMultiActionsAllowed ¶
func (i *IAM) BatchResourceMultiActionsAllowed( request MultiActionRequest, resourcesList []Resources, ) (results map[string]map[string]bool, err error)
BatchResourceMultiActionsAllowed will check the permissions of batch-resource with multi-actions
func (*IAM) GenPermissionApplyData ¶
func (i *IAM) GenPermissionApplyData(a ApplicationActionListForApply) (data H, err error)
GenPermissionApplyData will generate the apply data
func (*IAM) GetApplyURL ¶
func (i *IAM) GetApplyURL(application Application, bkToken string, bkUsername string) (url string, err error)
GetApplyURL will generate the application URL
func (*IAM) IsAllowedWithCache ¶
IsAllowedWithCache will check if the permission is allowed, will cache with ttl
func (*IAM) IsBasicAuthAllowed ¶
IsBasicAuthAllowed will check basic auth of callback request
func (*IAM) ResourceMultiActionsAllowed ¶
func (i *IAM) ResourceMultiActionsAllowed(request MultiActionRequest) (result map[string]bool, err error)
ResourceMultiActionsAllowed will check the permission of one-resource with multi-actions
type MultiActionRequest ¶
type MultiActionRequest struct { System string `json:"system" binding:"required"` Subject Subject `json:"subject" binding:"required"` Actions []Action `json:"actions" binding:"required"` Resources Resources `json:"resources" binding:"omitempty"` }
MultiActionRequest is the request object for Multi Actions Request
func NewMultiActionRequest ¶
func NewMultiActionRequest( system string, subject Subject, actions []Action, resources []ResourceNode, ) MultiActionRequest
NewMultiActionRequest create a request
func (*MultiActionRequest) Validate ¶
func (mar *MultiActionRequest) Validate() error
Validate will check if the request is valid
type Request ¶
type Request struct { System string `json:"system" binding:"required"` Subject Subject `json:"subject" binding:"required"` Action Action `json:"action" binding:"required"` Resources Resources `json:"resources" binding:"omitempty"` }
Request is the policy query request body
func NewRequest ¶
func NewRequest(system string, subject Subject, action Action, resources []ResourceNode) Request
NewRequest create a new request for policy query
func (*Request) GenObjectSet ¶
func (r *Request) GenObjectSet() expression.ObjectSetInterface
GenObjectSet create an ObjectSet from the resources of request
type ResourceNode ¶
type ResourceNode struct { System string `json:"system" binding:"required"` Type string `json:"type" binding:"required"` ID string `json:"id" binding:"required"` Attribute map[string]interface{} `json:"attribute" binding:"required"` }
ResourceNode is the mini unit of a resource
func NewResourceNode ¶
func NewResourceNode(system, _type, id string, attrs map[string]interface{}) ResourceNode
NewResourceNode create a resrouce node