security

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 30, 2024 License: Apache-2.0 Imports: 11 Imported by: 1

Documentation


Constants

// Status strings exported by the package.
// NOTE(review): this listing does not show which call reports them
// (presumably the state of an AuthQueryInstance) — confirm against the source.
const TerminatedStatus = "Terminated"

const FailedStatus = "Failed"

const RunningStatus = "Running"

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthQueryInstance added in v0.2.2

type AuthQueryInstance struct {
	// contains filtered or unexported fields
}

func (*AuthQueryInstance) WaitForSuccess added in v0.2.2

func (ai *AuthQueryInstance) WaitForSuccess() (string, error)

type Config

type Config struct {
	// contains filtered or unexported fields
}

func NewSecurityConfig

func NewSecurityConfig(restClient restclient.RestClient, withoutExceptionPolicy bool, projectName string) Config

NewSecurityConfig: withoutExceptionPolicy is normally false.

func (*Config) BeLoaded

func (sc *Config) BeLoaded() bool

func (*Config) CheckDownloadPrivilege

func (sc *Config) CheckDownloadPrivilege() bool

func (*Config) CheckPermissionUsingAcl

func (sc *Config) CheckPermissionUsingAcl() bool

func (*Config) CheckPermissionUsingAclV2

func (sc *Config) CheckPermissionUsingAclV2() bool

func (*Config) CheckPermissionUsingPackage

func (sc *Config) CheckPermissionUsingPackage() bool

func (*Config) CheckPermissionUsingPackageV2

func (sc *Config) CheckPermissionUsingPackageV2() bool

func (*Config) CheckPermissionUsingPolicy

func (sc *Config) CheckPermissionUsingPolicy() bool

func (*Config) CreatePackage

func (sc *Config) CreatePackage() bool

func (*Config) CreatePackageV2

func (sc *Config) CreatePackageV2() bool

func (*Config) DisableCheckPermissionUsingAcl

func (sc *Config) DisableCheckPermissionUsingAcl()

func (*Config) DisableCheckPermissionUsingPolicy

func (sc *Config) DisableCheckPermissionUsingPolicy()

func (*Config) DisableDownloadPrivilege

func (sc *Config) DisableDownloadPrivilege()

DisableDownloadPrivilege: if the project setting DOWNLOAD_PRIV_ENFORCED is enabled, the download privilege cannot be set to false through the ODPS SDK.

func (*Config) DisableLabelSecurity

func (sc *Config) DisableLabelSecurity()

func (*Config) DisableObjectCreatorHasAccessPermission

func (sc *Config) DisableObjectCreatorHasAccessPermission()

func (*Config) DisableObjectCreatorHasGrantPermission

func (sc *Config) DisableObjectCreatorHasGrantPermission()

func (*Config) DisableProjectProtection

func (sc *Config) DisableProjectProtection()

func (*Config) EnableCheckPermissionUsingAcl

func (sc *Config) EnableCheckPermissionUsingAcl()

func (*Config) EnableCheckPermissionUsingPolicy

func (sc *Config) EnableCheckPermissionUsingPolicy()

func (*Config) EnableDownloadPrivilege

func (sc *Config) EnableDownloadPrivilege()

func (*Config) EnableLabelSecurity

func (sc *Config) EnableLabelSecurity()

func (*Config) EnableObjectCreatorHasAccessPermission

func (sc *Config) EnableObjectCreatorHasAccessPermission()

func (*Config) EnableObjectCreatorHasGrantPermission

func (sc *Config) EnableObjectCreatorHasGrantPermission()

func (*Config) EnableProjectProtection

func (sc *Config) EnableProjectProtection()

func (*Config) EnableProjectProtectionWithExceptionPolicy

func (sc *Config) EnableProjectProtectionWithExceptionPolicy(exceptionPolicy string)

func (*Config) GetAuthorizationVersion

func (sc *Config) GetAuthorizationVersion() string

func (*Config) GetGrammarVersion

func (sc *Config) GetGrammarVersion() string

func (*Config) LabelSecurity

func (sc *Config) LabelSecurity() bool

func (*Config) Load

func (sc *Config) Load() error

func (*Config) ObjectCreatorHasAccessPermission

func (sc *Config) ObjectCreatorHasAccessPermission() bool

func (*Config) ObjectCreatorHasGrantPermission

func (sc *Config) ObjectCreatorHasGrantPermission() bool

func (*Config) ProjectProtection

func (sc *Config) ProjectProtection() bool

func (*Config) ProjectProtectionExceptionPolicy

func (sc *Config) ProjectProtectionExceptionPolicy() string

func (*Config) SupportAcl

func (sc *Config) SupportAcl() bool

func (*Config) SupportAclV2

func (sc *Config) SupportAclV2() bool

func (*Config) SupportPackage

func (sc *Config) SupportPackage() bool

func (*Config) SupportPackageV2

func (sc *Config) SupportPackageV2() bool

func (*Config) SupportPolicy

func (sc *Config) SupportPolicy() bool

func (*Config) Update

func (sc *Config) Update(supervisionToken string) error

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

func NewSecurityManager

func NewSecurityManager(restClient restclient.RestClient, projectName string) Manager

func (*Manager) CheckPermissionV0

func (sm *Manager) CheckPermissionV0(
	objectType PermissionObjectType,
	objectName string,
	actionType PermissionActionType,
	columns []string,
) (*PermissionCheckResult, error)
Example
package main

import (
	"fmt"
	"log"

	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
)

// Package-level client wiring for the example. The account and the endpoint are
// obtained from helpers named ...FromEnv (presumably environment variables —
// confirm in the account and restclient packages); no credential literal
// appears in the example source.
var account = account2.AccountFromEnv()

var endpoint = restclient.LoadEndpointFromEnv()

var restClient = restclient.NewOdpsRestClient(account, endpoint)

var projectName = "go_sdk_regression_testing"

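// main asks the service whether ActionTypeAll on the table "sale_detail" in
// projectName is permitted and prints the returned PermissionCheckResult.
func main() {
	sm := security.NewSecurityManager(restClient, projectName)

	// The last argument is the column list; nil passes none.
	r, err := sm.CheckPermissionV0(
		security.ObjectTypeTable,
		"sale_detail",
		security.ActionTypeAll,
		nil,
	)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	// A nil error only shows that the call completed. The decision itself is
	// carried in the result (its Result and Message fields), so code that gates
	// access on this check must inspect r.Result rather than treat err == nil
	// as "allowed".
	// fmt.Printf writes to stdout; the builtin println writes to stderr.
	fmt.Printf("%+v\n", r)
}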
Output:

func (*Manager) CheckPermissionV1

func (sm *Manager) CheckPermissionV1(p Permission) (*PermissionCheckResult, error)
Example
package main

import (
	"fmt"
	"log"

	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
)

// Package-level client wiring for the example. The account and the endpoint are
// obtained from helpers named ...FromEnv (presumably environment variables —
// confirm in the account and restclient packages); no credential literal
// appears in the example source.
var account = account2.AccountFromEnv()

var endpoint = restclient.LoadEndpointFromEnv()

var restClient = restclient.NewOdpsRestClient(account, endpoint)

var projectName = "go_sdk_regression_testing"

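// main builds a Permission for ActionTypeAll on the table "sale_detail", names
// the user to evaluate through Params["User"], and prints the result of
// CheckPermissionV1.
func main() {
	sm := security.NewSecurityManager(restClient, projectName)
	p := security.NewPermission(
		projectName,
		security.ObjectTypeTable,
		"sale_detail",
		security.ActionTypeAll,
	)
	// Fixed sample account. This value selects whose permissions are
	// evaluated, so validate it first when it comes from outside the program.
	p.Params["User"] = "Aliyun$odpstest1@aliyun.com;"

	r, err := sm.CheckPermissionV1(p)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	// A nil error only shows that the call completed; read the decision from
	// r.Result (and r.Message) before acting on it.
	// fmt.Printf writes to stdout; the builtin println writes to stderr.
	fmt.Printf("%+v\n", r)
}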
Output:

func (*Manager) GenerateAuthorizationToken

func (sm *Manager) GenerateAuthorizationToken(policy string) (string, error)

func (*Manager) GetPolicy

func (sm *Manager) GetPolicy() ([]byte, error)
Example
package main

import (
	"log"

	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
)

// Package-level client wiring for the example. The account and the endpoint are
// obtained from helpers named ...FromEnv (presumably environment variables —
// confirm in the account and restclient packages); no credential literal
// appears in the example source.
var account = account2.AccountFromEnv()

var endpoint = restclient.LoadEndpointFromEnv()

var restClient = restclient.NewOdpsRestClient(account, endpoint)

var projectName = "go_sdk_regression_testing"

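// main fetches the project policy with GetPolicy and prints its text.
func main() {
	sm := security.NewSecurityManager(restClient, projectName)
	policy, err := sm.GetPolicy()
	if err != nil {
		log.Fatalf("%+v", err)
	}

	// GetPolicy returns []byte. The builtin println prints a slice as its
	// length, capacity and address, not its contents, so convert to string.
	// The policy text is access-control configuration; keep it out of shared
	// logs unless readers are meant to see it.
	println(string(policy))
}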
Output:

func (*Manager) GetRolePolicy

func (sm *Manager) GetRolePolicy(roleName string) ([]byte, error)

func (*Manager) GetSecurityConfig

func (sm *Manager) GetSecurityConfig(withoutExceptionPolicy bool) (Config, error)
Example
package main

import (
	"fmt"
	"log"

	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
)

// Package-level client wiring for the example. The account and the endpoint are
// obtained from helpers named ...FromEnv (presumably environment variables —
// confirm in the account and restclient packages); no credential literal
// appears in the example source.
var account = account2.AccountFromEnv()

var endpoint = restclient.LoadEndpointFromEnv()

var restClient = restclient.NewOdpsRestClient(account, endpoint)

var projectName = "go_sdk_regression_testing"

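// main loads the project's security configuration (withoutExceptionPolicy set
// to true) and prints a few of its settings.
func main() {
	sm := security.NewSecurityManager(restClient, projectName)
	sc, err := sm.GetSecurityConfig(true)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	// Print named settings through the accessors instead of dumping the struct
	// with %+v. Config has only unexported fields and is constructed from a
	// rest client, so a raw dump may include client state that does not belong
	// in output or logs (NOTE(review): the fields are not shown here — confirm).
	fmt.Printf(
		"projectProtection=%t labelSecurity=%t checkAcl=%t checkPolicy=%t\n",
		sc.ProjectProtection(),
		sc.LabelSecurity(),
		sc.CheckPermissionUsingAcl(),
		sc.CheckPermissionUsingPolicy(),
	)
}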
Output:

func (*Manager) GetSecurityPolicy

func (sm *Manager) GetSecurityPolicy() ([]byte, error)

func (*Manager) ListRoles

func (sm *Manager) ListRoles() ([]Role, error)

func (*Manager) ListRolesForUserWithId

func (sm *Manager) ListRolesForUserWithId(userId, _type string) ([]Role, error)

func (*Manager) ListRolesForUserWithName

func (sm *Manager) ListRolesForUserWithName(userName string) ([]Role, error)

func (*Manager) ListUsers

func (sm *Manager) ListUsers() ([]User, error)
Example
package main

import (
	"fmt"
	"log"

	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
)

// Package-level client wiring for the example. The account and the endpoint are
// obtained from helpers named ...FromEnv (presumably environment variables —
// confirm in the account and restclient packages); no credential literal
// appears in the example source.
var account = account2.AccountFromEnv()

var endpoint = restclient.LoadEndpointFromEnv()

var restClient = restclient.NewOdpsRestClient(account, endpoint)

var projectName = "go_sdk_regression_testing"

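// main lists the users returned by ListUsers for projectName and prints one
// line per user with its ID and display name.
func main() {
	sm := security.NewSecurityManager(restClient, projectName)
	users, err := sm.ListUsers()
	if err != nil {
		log.Fatalf("%+v", err)
	}

	for _, user := range users {
		// fmt.Printf writes to stdout; the builtin println writes to stderr.
		fmt.Printf("id=%s, name=%s\n", user.ID(), user.DisplayName())
	}
}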
Output:

func (*Manager) ListUsersForRole

func (sm *Manager) ListUsersForRole(roleName string) ([]User, error)

func (*Manager) Run added in v0.2.2

func (sm *Manager) Run(query string, jsonOutput bool, supervisionToken string) (*AuthQueryInstance, error)

func (*Manager) RunQuery

func (sm *Manager) RunQuery(query string, jsonOutput bool, supervisionToken string) (string, error)
Example
package main

import (
	"fmt"
	"log"

	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
)

// Package-level client wiring for the example. The account and the endpoint are
// obtained from helpers named ...FromEnv (presumably environment variables —
// confirm in the account and restclient packages); no credential literal
// appears in the example source.
var account = account2.AccountFromEnv()

var endpoint = restclient.LoadEndpointFromEnv()

var restClient = restclient.NewOdpsRestClient(account, endpoint)

var projectName = "go_sdk_regression_testing"

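// main runs the statement "whoami;" through RunQuery with JSON output and
// prints the returned text.
func main() {
	sm := security.NewSecurityManager(restClient, projectName)

	// RunQuery takes the statement as a plain string. Keep it a constant, or
	// build it only from validated values: the text is submitted through the
	// client configured with this account.
	// Arguments after the query: jsonOutput=true and an empty supervisionToken.
	// NOTE(review): what a non-empty token authorizes is not shown here.
	result, err := sm.RunQuery("whoami;", true, "")
	if err != nil {
		log.Fatalf("%+v", err)
	}

	// fmt.Printf writes to stdout; the builtin println writes to stderr.
	fmt.Printf("ok: %s\n", result)
}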
Output:

func (*Manager) SetPolicy

func (sm *Manager) SetPolicy(policy string) error

func (*Manager) SetRolePolicy

func (sm *Manager) SetRolePolicy(roleName, policy string) error

func (*Manager) SetSecurityConfig

func (sm *Manager) SetSecurityConfig(config Config, supervisionToken string) error

func (*Manager) SetSecurityPolicy

func (sm *Manager) SetSecurityPolicy(policy string) error

type Permission

// Permission describes one permission check. NewPermission takes the project
// name, object type, object name and action type as arguments; CheckPermissionV1
// accepts the resulting value.
type Permission struct {
	// ProjectName, ObjectType and ObjectName identify the object being checked.
	ProjectName string
	ObjectType  PermissionObjectType
	ObjectName  string
	// ActionType is the action being checked on that object.
	ActionType  PermissionActionType
	// Params holds extra string parameters; the CheckPermissionV1 example sets
	// Params["User"]. That example writes to the map straight after
	// NewPermission, which implies the constructor allocates it. A Permission
	// built as a bare struct literal has a nil Params, and writing to a nil map
	// panics.
	Params      map[string]string
}

func NewPermission

func NewPermission(
	projectName string,
	objectType PermissionObjectType,
	objectName string,
	actionType PermissionActionType,
) Permission

func (Permission) MarshalJSON

func (perm Permission) MarshalJSON() ([]byte, error)

func (*Permission) Resource

func (perm *Permission) Resource() string

func (*Permission) SetColumns

func (perm *Permission) SetColumns(columns []string)

type PermissionActionType

// PermissionActionType is the integer-backed enumeration of actions that a
// permission check can name; the examples on this page pass ActionTypeAll.
type PermissionActionType int
const (
	// NOTE(review): the initializer of the first constant is not visible in
	// this listing (presumably `= iota`) — confirm against the source before
	// relying on numeric values; prefer the named constants and String().
	ActionTypeRead PermissionActionType
	ActionTypeWrite
	ActionTypeList
	ActionTypeCreateTable
	ActionTypeCreateInstance
	ActionTypeCreateFunction
	ActionTypeCreateResource
	ActionTypeAll
	ActionTypeDescribe
	ActionTypeSelect
	ActionTypeAlter
	ActionTypeUpdate
	ActionTypeDrop
	ActionTypeExecute
	ActionTypeDelete
	ActionTypeDownload
)

func (PermissionActionType) String

func (p PermissionActionType) String() string

type PermissionCheckResult

// PermissionCheckResult is the value CheckPermissionV0 and CheckPermissionV1
// return alongside the error.
type PermissionCheckResult struct {
	// Result is the outcome string of the check.
	// NOTE(review): the set of possible values is not shown in this listing —
	// confirm it before comparing against literals, and treat any unexpected
	// value as "not allowed".
	Result  string
	// Message is a second string returned with the result (presumably an
	// explanation of the outcome — confirm).
	Message string
}

type PermissionEffect

// PermissionEffect is the integer-backed enumeration with the two values
// EffectAllow and EffectDeny.
type PermissionEffect int
const (
	// NOTE(review): the initializer is not visible in this listing (presumably
	// `= iota`). If so, EffectAllow is the zero value, and a PermissionEffect
	// that is never assigned reads as Allow — confirm against the source, and
	// set the effect explicitly wherever it drives an access decision.
	EffectAllow PermissionEffect
	EffectDeny
)

func (PermissionEffect) String

func (p PermissionEffect) String() string

type PermissionObjectType

// PermissionObjectType is the integer-backed enumeration of object kinds that a
// permission check can target; the examples on this page pass ObjectTypeTable.
type PermissionObjectType int
const (
	// NOTE(review): the initializer of the first constant is not visible in
	// this listing (presumably `= iota`) — confirm against the source before
	// relying on numeric values; prefer the named constants and String().
	ObjectTypeProject PermissionObjectType
	ObjectTypeTable
	ObjectTypeFunction
	ObjectTypeResource
	ObjectTypeInstance
)

func (PermissionObjectType) String

func (p PermissionObjectType) String() string

type Role

type Role struct {
	// contains filtered or unexported fields
}

func NewRole

func NewRole(name string, restClient restclient.RestClient, projectName string) Role

func (*Role) Comment

func (role *Role) Comment() string

func (*Role) Load

func (role *Role) Load() error

func (*Role) Name

func (role *Role) Name() string

type User

type User struct {
	// contains filtered or unexported fields
}

func NewUser

func NewUser(userId string, restClient restclient.RestClient, projectName string) User

func (*User) Comment

func (user *User) Comment() string

func (*User) DisplayName

func (user *User) DisplayName() string

func (*User) ID

func (user *User) ID() string

func (*User) Load

func (user *User) Load() error
