security

package
v0.1.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 12, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config 

type Config struct {
	// contains filtered or unexported fields
}

func NewSecurityConfig 

func NewSecurityConfig(restClient restclient.RestClient, withoutExceptionPolicy bool, projectName string) Config

NewSecurityConfig withoutExceptionPolicy一般为false

func (*Config) BeLoaded 

func (sc *Config) BeLoaded() bool

func (*Config) CheckDownloadPrivilege 

func (sc *Config) CheckDownloadPrivilege() bool

func (*Config) CheckPermissionUsingAcl 

func (sc *Config) CheckPermissionUsingAcl() bool

func (*Config) CheckPermissionUsingAclV2 

func (sc *Config) CheckPermissionUsingAclV2() bool

func (*Config) CheckPermissionUsingPackage 

func (sc *Config) CheckPermissionUsingPackage() bool

func (*Config) CheckPermissionUsingPackageV2 

func (sc *Config) CheckPermissionUsingPackageV2() bool

func (*Config) CheckPermissionUsingPolicy 

func (sc *Config) CheckPermissionUsingPolicy() bool

func (*Config) CreatePackage 

func (sc *Config) CreatePackage() bool

func (*Config) CreatePackageV2 

func (sc *Config) CreatePackageV2() bool

func (*Config) DisableCheckPermissionUsingAcl 

func (sc *Config) DisableCheckPermissionUsingAcl()

func (*Config) DisableCheckPermissionUsingPolicy 

func (sc *Config) DisableCheckPermissionUsingPolicy()

func (*Config) DisableDownloadPrivilege 

func (sc *Config) DisableDownloadPrivilege()

DisableDownloadPrivilege If project setting DOWNLOAD_PRIV_ENFORCED is enabled, download privilege cannot be set to false via odps sdk

func (*Config) DisableLabelSecurity 

func (sc *Config) DisableLabelSecurity()

func (*Config) DisableObjectCreatorHasAccessPermission 

func (sc *Config) DisableObjectCreatorHasAccessPermission()

func (*Config) DisableObjectCreatorHasGrantPermission 

func (sc *Config) DisableObjectCreatorHasGrantPermission()

func (*Config) DisableProjectProtection 

func (sc *Config) DisableProjectProtection()

func (*Config) EnableCheckPermissionUsingAcl 

func (sc *Config) EnableCheckPermissionUsingAcl()

func (*Config) EnableCheckPermissionUsingPolicy 

func (sc *Config) EnableCheckPermissionUsingPolicy()

func (*Config) EnableDownloadPrivilege 

func (sc *Config) EnableDownloadPrivilege()

func (*Config) EnableLabelSecurity 

func (sc *Config) EnableLabelSecurity()

func (*Config) EnableObjectCreatorHasAccessPermission 

func (sc *Config) EnableObjectCreatorHasAccessPermission()

func (*Config) EnableObjectCreatorHasGrantPermission 

func (sc *Config) EnableObjectCreatorHasGrantPermission()

func (*Config) EnableProjectProtection 

func (sc *Config) EnableProjectProtection()

func (*Config) EnableProjectProtectionWithExceptionPolicy 

func (sc *Config) EnableProjectProtectionWithExceptionPolicy(exceptionPolicy string)

func (*Config) GetAuthorizationVersion 

func (sc *Config) GetAuthorizationVersion() string

func (*Config) GetGrammarVersion 

func (sc *Config) GetGrammarVersion() string

func (*Config) LabelSecurity 

func (sc *Config) LabelSecurity() bool

func (*Config) Load 

func (sc *Config) Load() error

func (*Config) ObjectCreatorHasAccessPermission 

func (sc *Config) ObjectCreatorHasAccessPermission() bool

func (*Config) ObjectCreatorHasGrantPermission 

func (sc *Config) ObjectCreatorHasGrantPermission() bool

func (*Config) ProjectProtection 

func (sc *Config) ProjectProtection() bool

func (*Config) ProjectProtectionExceptionPolicy 

func (sc *Config) ProjectProtectionExceptionPolicy() string

func (*Config) SupportAcl 

func (sc *Config) SupportAcl() bool

func (*Config) SupportAclV2 

func (sc *Config) SupportAclV2() bool

func (*Config) SupportPackage 

func (sc *Config) SupportPackage() bool

func (*Config) SupportPackageV2 

func (sc *Config) SupportPackageV2() bool

func (*Config) SupportPolicy 

func (sc *Config) SupportPolicy() bool

func (*Config) Update 

func (sc *Config) Update(supervisionToken string) error

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

func NewSecurityManager 

func NewSecurityManager(restClient restclient.RestClient, projectName string) Manager

func (*Manager) CheckPermissionV0 

func (sm *Manager) CheckPermissionV0(
	objectType PermissionObjectType,
	objectName string,
	actionType PermissionActionType,
	columns []string,
) (*PermissionCheckResult, error)
Example 
package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")

	r, err := sm.CheckPermissionV0(
		security.ObjectTypeTable,
		"sale_detail",
		security.ActionTypeAll,
		nil,
	)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(fmt.Sprintf("%v", r))
}

Output:

func (*Manager) CheckPermissionV1 

func (sm *Manager) CheckPermissionV1(p Permission) (*PermissionCheckResult, error)
Example 
package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	p := security.NewPermission(
		"project_1",
		security.ObjectTypeTable,
		"sale_detail",
		security.ActionTypeAll,
	)
	p.Params["User"] = "Aliyun$odpstest1@aliyun.com;"

	r, err := sm.CheckPermissionV1(p)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(fmt.Sprintf("%v", r))
}

Output:

func (*Manager) GenerateAuthorizationToken 

func (sm *Manager) GenerateAuthorizationToken(policy string) (string, error)

func (*Manager) GetPolicy 

func (sm *Manager) GetPolicy() ([]byte, error)
Example 
package main

import (
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	policy, err := sm.GetPolicy()
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(policy)
}

Output:

func (*Manager) GetRolePolicy 

func (sm *Manager) GetRolePolicy(roleName string) ([]byte, error)

func (*Manager) GetSecurityConfig 

func (sm *Manager) GetSecurityConfig(withoutExceptionPolicy bool) (Config, error)
Example 
package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	sc, err := sm.GetSecurityConfig(true)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(fmt.Sprintf("%+v", sc))

}

Output:

func (*Manager) GetSecurityPolicy 

func (sm *Manager) GetSecurityPolicy() ([]byte, error)

func (*Manager) ListRoles 

func (sm *Manager) ListRoles() ([]Role, error)

func (*Manager) ListRolesForUserWithId 

func (sm *Manager) ListRolesForUserWithId(userId, _type string) ([]Role, error)

func (*Manager) ListRolesForUserWithName 

func (sm *Manager) ListRolesForUserWithName(userName string) ([]Role, error)

func (*Manager) ListUsers 

func (sm *Manager) ListUsers() ([]User, error)
Example 
package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	users, err := sm.ListUsers()
	if err != nil {
		log.Fatalf("%+v", err)
	}

	for _, user := range users {
		println(fmt.Sprintf("id=%s, name=%s", user.ID(), user.DisplayName()))
	}

}

Output:

func (*Manager) ListUsersForRole 

func (sm *Manager) ListUsersForRole(roleName string) ([]User, error)

func (*Manager) RunQuery 

func (sm *Manager) RunQuery(query string, jsonOutput bool, supervisionToken string) (string, error)
Example 
package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	result, err := sm.RunQuery("show grants for aliyun$odpstest1@aliyun.com;", true, "")
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(fmt.Sprintf("ok: %s", result))

}

Output:

func (*Manager) SetPolicy 

func (sm *Manager) SetPolicy(policy string) error

func (*Manager) SetRolePolicy 

func (sm *Manager) SetRolePolicy(roleName, policy string) error

func (*Manager) SetSecurityConfig 

func (sm *Manager) SetSecurityConfig(config Config, supervisionToken string) error

func (*Manager) SetSecurityPolicy 

func (sm *Manager) SetSecurityPolicy(policy string) error

type Permission 

type Permission struct {
	ProjectName string
	ObjectType  PermissionObjectType
	ObjectName  string
	ActionType  PermissionActionType
	Params      map[string]string
}

func NewPermission 

func NewPermission(
	projectName string,
	objectType PermissionObjectType,
	objectName string,
	actionType PermissionActionType) Permission

func (Permission) MarshalJSON 

func (perm Permission) MarshalJSON() ([]byte, error)

func (*Permission) Resource 

func (perm *Permission) Resource() string

func (*Permission) SetColumns 

func (perm *Permission) SetColumns(columns []string)

type PermissionActionType 

type PermissionActionType int
const (
	ActionTypeRead PermissionActionType
	ActionTypeWrite
	ActionTypeList
	ActionTypeCreateTable
	ActionTypeCreateInstance
	ActionTypeCreateFunction
	ActionTypeCreateResource
	ActionTypeAll
	ActionTypeDescribe
	ActionTypeSelect
	ActionTypeAlter
	ActionTypeUpdate
	ActionTypeDrop
	ActionTypeExecute
	ActionTypeDelete
	ActionTypeDownload
)

func (PermissionActionType) String 

func (p PermissionActionType) String() string

type PermissionCheckResult 

type PermissionCheckResult struct {
	Result  string
	Message string
}

type PermissionEffect 

type PermissionEffect int
const (
	EffectAllow PermissionEffect
	EffectDeny
)

func (PermissionEffect) String 

func (p PermissionEffect) String() string

type PermissionObjectType 

type PermissionObjectType int
const (
	ObjectTypeProject PermissionObjectType
	ObjectTypeTable
	ObjectTypeFunction
	ObjectTypeResource
	ObjectTypeInstance
)

func (PermissionObjectType) String 

func (p PermissionObjectType) String() string

type Role 

type Role struct {
	// contains filtered or unexported fields
}

func NewRole 

func NewRole(name string, restClient restclient.RestClient, projectName string) Role

func (*Role) Comment 

func (role *Role) Comment() string

func (*Role) Load 

func (role *Role) Load() error

func (*Role) Name 

func (role *Role) Name() string

type User 

type User struct {
	// contains filtered or unexported fields
}

func NewUser 

func NewUser(userId string, restClient restclient.RestClient, projectName string) User

func (*User) Comment 

func (user *User) Comment() string

func (*User) DisplayName 

func (user *User) DisplayName() string

func (*User) ID 

func (user *User) ID() string

func (*User) Load 

func (user *User) Load() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.