Documentation ¶
Index ¶
- Constants
- type AuthQueryInstance
- type Config
- func (sc *Config) BeLoaded() bool
- func (sc *Config) CheckDownloadPrivilege() bool
- func (sc *Config) CheckPermissionUsingAcl() bool
- func (sc *Config) CheckPermissionUsingAclV2() bool
- func (sc *Config) CheckPermissionUsingPackage() bool
- func (sc *Config) CheckPermissionUsingPackageV2() bool
- func (sc *Config) CheckPermissionUsingPolicy() bool
- func (sc *Config) CreatePackage() bool
- func (sc *Config) CreatePackageV2() bool
- func (sc *Config) DisableCheckPermissionUsingAcl()
- func (sc *Config) DisableCheckPermissionUsingPolicy()
- func (sc *Config) DisableDownloadPrivilege()
- func (sc *Config) DisableLabelSecurity()
- func (sc *Config) DisableObjectCreatorHasAccessPermission()
- func (sc *Config) DisableObjectCreatorHasGrantPermission()
- func (sc *Config) DisableProjectProtection()
- func (sc *Config) EnableCheckPermissionUsingAcl()
- func (sc *Config) EnableCheckPermissionUsingPolicy()
- func (sc *Config) EnableDownloadPrivilege()
- func (sc *Config) EnableLabelSecurity()
- func (sc *Config) EnableObjectCreatorHasAccessPermission()
- func (sc *Config) EnableObjectCreatorHasGrantPermission()
- func (sc *Config) EnableProjectProtection()
- func (sc *Config) EnableProjectProtectionWithExceptionPolicy(exceptionPolicy string)
- func (sc *Config) GetAuthorizationVersion() string
- func (sc *Config) GetGrammarVersion() string
- func (sc *Config) LabelSecurity() bool
- func (sc *Config) Load() error
- func (sc *Config) ObjectCreatorHasAccessPermission() bool
- func (sc *Config) ObjectCreatorHasGrantPermission() bool
- func (sc *Config) ProjectProtection() bool
- func (sc *Config) ProjectProtectionExceptionPolicy() string
- func (sc *Config) SupportAcl() bool
- func (sc *Config) SupportAclV2() bool
- func (sc *Config) SupportPackage() bool
- func (sc *Config) SupportPackageV2() bool
- func (sc *Config) SupportPolicy() bool
- func (sc *Config) Update(supervisionToken string) error
- type Manager
- func (sm *Manager) CheckPermissionV0(objectType PermissionObjectType, objectName string, ...) (*PermissionCheckResult, error)
- func (sm *Manager) CheckPermissionV1(p Permission) (*PermissionCheckResult, error)
- func (sm *Manager) GenerateAuthorizationToken(policy string) (string, error)
- func (sm *Manager) GetPolicy() ([]byte, error)
- func (sm *Manager) GetRolePolicy(roleName string) ([]byte, error)
- func (sm *Manager) GetSecurityConfig(withoutExceptionPolicy bool) (Config, error)
- func (sm *Manager) GetSecurityPolicy() ([]byte, error)
- func (sm *Manager) ListRoles() ([]Role, error)
- func (sm *Manager) ListRolesForUserWithId(userId, _type string) ([]Role, error)
- func (sm *Manager) ListRolesForUserWithName(userName string) ([]Role, error)
- func (sm *Manager) ListUsers() ([]User, error)
- func (sm *Manager) ListUsersForRole(roleName string) ([]User, error)
- func (sm *Manager) Run(query string, jsonOutput bool, supervisionToken string) (*AuthQueryInstance, error)
- func (sm *Manager) RunQuery(query string, jsonOutput bool, supervisionToken string) (string, error)
- func (sm *Manager) SetPolicy(policy string) error
- func (sm *Manager) SetRolePolicy(roleName, policy string) error
- func (sm *Manager) SetSecurityConfig(config Config, supervisionToken string) error
- func (sm *Manager) SetSecurityPolicy(policy string) error
- type Permission
- type PermissionActionType
- type PermissionCheckResult
- type PermissionEffect
- type PermissionObjectType
- type Role
- type User
Examples ¶
Constants ¶
View Source
const ( TerminatedStatus = "Terminated" FailedStatus = "Failed" RunningStatus = "Running" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthQueryInstance ¶ added in v0.2.2
type AuthQueryInstance struct {
// contains filtered or unexported fields
}
func (*AuthQueryInstance) WaitForSuccess ¶ added in v0.2.2
func (ai *AuthQueryInstance) WaitForSuccess() (string, error)
type Config ¶
type Config struct {
// contains filtered or unexported fields
}
func NewSecurityConfig ¶
func NewSecurityConfig(restClient restclient.RestClient, withoutExceptionPolicy bool, projectName string) Config
NewSecurityConfig withoutExceptionPolicy一般为false
func (*Config) CheckDownloadPrivilege ¶
func (*Config) CheckPermissionUsingAcl ¶
func (*Config) CheckPermissionUsingAclV2 ¶
func (*Config) CheckPermissionUsingPackage ¶
func (*Config) CheckPermissionUsingPackageV2 ¶
func (*Config) CheckPermissionUsingPolicy ¶
func (*Config) CreatePackage ¶
func (*Config) CreatePackageV2 ¶
func (*Config) DisableCheckPermissionUsingAcl ¶
func (sc *Config) DisableCheckPermissionUsingAcl()
func (*Config) DisableCheckPermissionUsingPolicy ¶
func (sc *Config) DisableCheckPermissionUsingPolicy()
func (*Config) DisableDownloadPrivilege ¶
func (sc *Config) DisableDownloadPrivilege()
DisableDownloadPrivilege If project setting DOWNLOAD_PRIV_ENFORCED is enabled, download privilege cannot be set to false via odps sdk
func (*Config) DisableLabelSecurity ¶
func (sc *Config) DisableLabelSecurity()
func (*Config) DisableObjectCreatorHasAccessPermission ¶
func (sc *Config) DisableObjectCreatorHasAccessPermission()
func (*Config) DisableObjectCreatorHasGrantPermission ¶
func (sc *Config) DisableObjectCreatorHasGrantPermission()
func (*Config) DisableProjectProtection ¶
func (sc *Config) DisableProjectProtection()
func (*Config) EnableCheckPermissionUsingAcl ¶
func (sc *Config) EnableCheckPermissionUsingAcl()
func (*Config) EnableCheckPermissionUsingPolicy ¶
func (sc *Config) EnableCheckPermissionUsingPolicy()
func (*Config) EnableDownloadPrivilege ¶
func (sc *Config) EnableDownloadPrivilege()
func (*Config) EnableLabelSecurity ¶
func (sc *Config) EnableLabelSecurity()
func (*Config) EnableObjectCreatorHasAccessPermission ¶
func (sc *Config) EnableObjectCreatorHasAccessPermission()
func (*Config) EnableObjectCreatorHasGrantPermission ¶
func (sc *Config) EnableObjectCreatorHasGrantPermission()
func (*Config) EnableProjectProtection ¶
func (sc *Config) EnableProjectProtection()
func (*Config) EnableProjectProtectionWithExceptionPolicy ¶
func (*Config) GetAuthorizationVersion ¶
func (*Config) GetGrammarVersion ¶
func (*Config) LabelSecurity ¶
func (*Config) ObjectCreatorHasAccessPermission ¶
func (*Config) ObjectCreatorHasGrantPermission ¶
func (*Config) ProjectProtection ¶
func (*Config) ProjectProtectionExceptionPolicy ¶
func (*Config) SupportAcl ¶
func (*Config) SupportAclV2 ¶
func (*Config) SupportPackage ¶
func (*Config) SupportPackageV2 ¶
func (*Config) SupportPolicy ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
func NewSecurityManager ¶
func NewSecurityManager(restClient restclient.RestClient, projectName string) Manager
func (*Manager) CheckPermissionV0 ¶
func (sm *Manager) CheckPermissionV0( objectType PermissionObjectType, objectName string, actionType PermissionActionType, columns []string, ) (*PermissionCheckResult, error)
Example ¶
package main import ( "fmt" account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account" "github.com/aliyun/aliyun-odps-go-sdk/odps/restclient" "github.com/aliyun/aliyun-odps-go-sdk/odps/security" "log" ) var account = account2.AliyunAccountFromEnv() var endpoint = restclient.LoadEndpointFromEnv() var restClient = restclient.NewOdpsRestClient(account, endpoint) func main() { sm := security.NewSecurityManager(restClient, "project_1") r, err := sm.CheckPermissionV0( security.ObjectTypeTable, "sale_detail", security.ActionTypeAll, nil, ) if err != nil { log.Fatalf("%+v", err) } println(fmt.Sprintf("%v", r)) }
Output:
func (*Manager) CheckPermissionV1 ¶
func (sm *Manager) CheckPermissionV1(p Permission) (*PermissionCheckResult, error)
Example ¶
package main import ( "fmt" account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account" "github.com/aliyun/aliyun-odps-go-sdk/odps/restclient" "github.com/aliyun/aliyun-odps-go-sdk/odps/security" "log" ) var account = account2.AliyunAccountFromEnv() var endpoint = restclient.LoadEndpointFromEnv() var restClient = restclient.NewOdpsRestClient(account, endpoint) func main() { sm := security.NewSecurityManager(restClient, "project_1") p := security.NewPermission( "project_1", security.ObjectTypeTable, "sale_detail", security.ActionTypeAll, ) p.Params["User"] = "Aliyun$odpstest1@aliyun.com;" r, err := sm.CheckPermissionV1(p) if err != nil { log.Fatalf("%+v", err) } println(fmt.Sprintf("%v", r)) }
Output:
func (*Manager) GenerateAuthorizationToken ¶
func (*Manager) GetPolicy ¶
Example ¶
package main import ( account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account" "github.com/aliyun/aliyun-odps-go-sdk/odps/restclient" "github.com/aliyun/aliyun-odps-go-sdk/odps/security" "log" ) var account = account2.AliyunAccountFromEnv() var endpoint = restclient.LoadEndpointFromEnv() var restClient = restclient.NewOdpsRestClient(account, endpoint) func main() { sm := security.NewSecurityManager(restClient, "project_1") policy, err := sm.GetPolicy() if err != nil { log.Fatalf("%+v", err) } println(policy) }
Output:
func (*Manager) GetSecurityConfig ¶
Example ¶
package main import ( "fmt" account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account" "github.com/aliyun/aliyun-odps-go-sdk/odps/restclient" "github.com/aliyun/aliyun-odps-go-sdk/odps/security" "log" ) var account = account2.AliyunAccountFromEnv() var endpoint = restclient.LoadEndpointFromEnv() var restClient = restclient.NewOdpsRestClient(account, endpoint) func main() { sm := security.NewSecurityManager(restClient, "project_1") sc, err := sm.GetSecurityConfig(true) if err != nil { log.Fatalf("%+v", err) } println(fmt.Sprintf("%+v", sc)) }
Output:
func (*Manager) GetSecurityPolicy ¶
func (*Manager) ListRolesForUserWithId ¶
func (*Manager) ListRolesForUserWithName ¶
func (*Manager) ListUsers ¶
Example ¶
package main import ( "fmt" account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account" "github.com/aliyun/aliyun-odps-go-sdk/odps/restclient" "github.com/aliyun/aliyun-odps-go-sdk/odps/security" "log" ) var account = account2.AliyunAccountFromEnv() var endpoint = restclient.LoadEndpointFromEnv() var restClient = restclient.NewOdpsRestClient(account, endpoint) func main() { sm := security.NewSecurityManager(restClient, "project_1") users, err := sm.ListUsers() if err != nil { log.Fatalf("%+v", err) } for _, user := range users { println(fmt.Sprintf("id=%s, name=%s", user.ID(), user.DisplayName())) } }
Output:
func (*Manager) ListUsersForRole ¶
func (*Manager) RunQuery ¶
Example ¶
package main import ( "fmt" account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account" "github.com/aliyun/aliyun-odps-go-sdk/odps/restclient" "github.com/aliyun/aliyun-odps-go-sdk/odps/security" "log" ) var account = account2.AliyunAccountFromEnv() var endpoint = restclient.LoadEndpointFromEnv() var restClient = restclient.NewOdpsRestClient(account, endpoint) func main() { sm := security.NewSecurityManager(restClient, "project_1") result, err := sm.RunQuery("show grants for aliyun$odpstest1@aliyun.com;", true, "") if err != nil { log.Fatalf("%+v", err) } println(fmt.Sprintf("ok: %s", result)) }
Output:
func (*Manager) SetRolePolicy ¶
func (*Manager) SetSecurityConfig ¶
func (*Manager) SetSecurityPolicy ¶
type Permission ¶
type Permission struct { ProjectName string ObjectType PermissionObjectType ObjectName string ActionType PermissionActionType Params map[string]string }
func NewPermission ¶
func NewPermission( projectName string, objectType PermissionObjectType, objectName string, actionType PermissionActionType) Permission
func (Permission) MarshalJSON ¶
func (perm Permission) MarshalJSON() ([]byte, error)
func (*Permission) Resource ¶
func (perm *Permission) Resource() string
func (*Permission) SetColumns ¶
func (perm *Permission) SetColumns(columns []string)
type PermissionActionType ¶
type PermissionActionType int
const ( ActionTypeRead PermissionActionType ActionTypeWrite ActionTypeList ActionTypeCreateTable ActionTypeCreateInstance ActionTypeCreateFunction ActionTypeCreateResource ActionTypeAll ActionTypeDescribe ActionTypeSelect ActionTypeAlter ActionTypeUpdate ActionTypeDrop ActionTypeExecute ActionTypeDelete ActionTypeDownload )
func (PermissionActionType) String ¶
func (p PermissionActionType) String() string
type PermissionCheckResult ¶
type PermissionEffect ¶
type PermissionEffect int
const ( EffectAllow PermissionEffect EffectDeny )
func (PermissionEffect) String ¶
func (p PermissionEffect) String() string
type PermissionObjectType ¶
type PermissionObjectType int
const ( ObjectTypeProject PermissionObjectType ObjectTypeTable ObjectTypeFunction ObjectTypeResource ObjectTypeInstance )
func (PermissionObjectType) String ¶
func (p PermissionObjectType) String() string
type Role ¶
type Role struct {
// contains filtered or unexported fields
}
func NewRole ¶
func NewRole(name string, restClient restclient.RestClient, projectName string) Role
type User ¶
type User struct {
// contains filtered or unexported fields
}
func NewUser ¶
func NewUser(userId string, restClient restclient.RestClient, projectName string) User
func (*User) DisplayName ¶
Click to show internal directories.
Click to hide internal directories.