auth

package

v0.0.0-...-be0592b Latest Latest Go to latest Published: Jul 31, 2019 License: GPL-3.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/honglimin29/icenter

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Authorize
- func NewAuthorize(tls *util.TLSClientConfig, authConfig authcenter.AuthConfig) (Authorize, error)
type Authorizer
type ResourceHandler

Constants ¶

This section is empty.

Variables ¶

View Source

var NoAuthorizeError = errors.New("no authorize")

Functions ¶

This section is empty.

Types ¶

type Authorize ¶

type Authorize interface {
	Authorizer
	ResourceHandler
}

func NewAuthorize ¶

func NewAuthorize(tls *util.TLSClientConfig, authConfig authcenter.AuthConfig) (Authorize, error)

NewAuthorize is used to initialized a Authorize instance interface, which is used for request authorize and resource handle. This allows bk-cmdb to support other kind of auth center. tls can be nil if it is not care. authConfig is a way to parse configuration info for the connection to a auth center.

type Authorizer ¶

type Authorizer interface {
	// Authorize works to check if a user has the authority to operate resources.
	Authorize(ctx context.Context, a *meta.AuthAttribute) (decision meta.Decision, err error)
	AuthorizeBatch(ctx context.Context, user meta.UserInfo, resources ...meta.ResourceAttribute) (decisions []meta.Decision, err error)
	GetAnyAuthorizedBusinessList(ctx context.Context, user meta.UserInfo) ([]int64, error)
	GetExactAuthorizedBusinessList(ctx context.Context, user meta.UserInfo) ([]int64, error)
	AdminEntrance(ctx context.Context, user meta.UserInfo) ([]string, error)
	GetAuthorizedAuditList(ctx context.Context, user meta.UserInfo, businessID int64) ([]authcenter.AuthorizedResource, error)
	Enabled() bool
}

type ResourceHandler ¶

type ResourceHandler interface {
	// register a resource
	RegisterResource(ctx context.Context, rs ...meta.ResourceAttribute) error
	// register a resource
	DryRunRegisterResource(ctx context.Context, rs ...meta.ResourceAttribute) (*authcenter.RegisterInfo, error)
	// deregister a resource
	DeregisterResource(ctx context.Context, rs ...meta.ResourceAttribute) error
	// deregister a resource with raw iam resource id
	RawDeregisterResource(ctx context.Context, scope authcenter.ScopeInfo, rs ...meta.BackendResource) error
	// update a resource's info
	UpdateResource(ctx context.Context, rs *meta.ResourceAttribute) error
	// get a resource's info
	Get(ctx context.Context) error
	// list resources by condition
	ListResources(ctx context.Context, r *meta.ResourceAttribute) ([]meta.BackendResource, error)
	// init the authcenter
	Init(ctx context.Context, config meta.InitConfig) error
}

ResourceHandler is used to handle the resources register to authorize center. request id is a identifier for a request, returned by IAM.

Source Files ¶

View all Source files

auth.go

Directories ¶

Path	Synopsis
authcenter
permit
extensions
meta
parser

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL