Documentation ¶
Index ¶
- Constants
- Variables
- func BatchDeleteRole(roles []*models.NewRole, db *gorm.DB, log *zap.SugaredLogger) error
- func BulkAddUserToUserGroup(groupID string, uids []string, logger *zap.SugaredLogger) error
- func BulkRemoveUserFromUserGroup(groupID string, uids []string, logger *zap.SugaredLogger) error
- func CheckCollaborationModePermission(uid, projectKey, resource, resourceName, action string) (hasPermission bool, err error)
- func CheckDuplicateUser(username string, logger *zap.SugaredLogger) error
- func CheckPermissionGivenByCollaborationMode(uid, projectKey, resource, action string) (hasPermission bool, err error)
- func CreateDefaultRolesForNamespace(namespace string, log *zap.SugaredLogger) error
- func CreateRole(ns string, req *CreateRoleReq, log *zap.SugaredLogger) error
- func CreateRoleBindings(role, ns string, identityList []*types.Identity, log *zap.SugaredLogger) error
- func CreateRoleTemplate(req *CreateRoleReq, log *zap.SugaredLogger) error
- func CreateUser(args *User, logger *zap.SugaredLogger) (*models.User, error)
- func CreateUserGroup(groupName, desc string, uids []string, logger *zap.SugaredLogger) error
- func DeleteAllRolesInNamespace(namespace string, log *zap.SugaredLogger) error
- func DeleteRole(name string, projectName string, log *zap.SugaredLogger) error
- func DeleteRoleBindingForUser(uid, namespace string, log *zap.SugaredLogger) error
- func DeleteRoleBindingForUserGroup(gid, namespace string, log *zap.SugaredLogger) error
- func DeleteRoleTemplate(name string, log *zap.SugaredLogger) error
- func DeleteUserByUID(uid string, logger *zap.SugaredLogger) error
- func DeleteUserGroup(groupID string, logger *zap.SugaredLogger) error
- func GetAllUserGroup() (string, error)
- func GetRole(ns, name string, log *zap.SugaredLogger) (*types.DetailedRole, error)
- func GetRoleTemplate(name string, log *zap.SugaredLogger) (*types.DetailedRoleTemplate, error)
- func GetUser(uid string, logger *zap.SugaredLogger) (*types.UserInfo, error)
- func GetUserCount(logger *zap.SugaredLogger) (*types.UserStatistics, error)
- func GetUserGroup(groupID string, logger *zap.SugaredLogger) (*types.DetailedUserGroupResp, error)
- func GetUserGroupByUID(uid string) ([]string, error)
- func GetUserSetting(uid string, logger *zap.SugaredLogger) (*types.UserSetting, error)
- func InitializeProjectAuthorization(namespace string, isPublic bool, admins []string, log *zap.SugaredLogger) error
- func IsPublicURL(reqPath, method string) bool
- func ListActionByRole(roleID uint) ([]string, error)
- func ListAuthorizedEnvs(uid, projectKey string, logger *zap.SugaredLogger) (readEnvList, editEnvList []string, err error)
- func ListAuthorizedProject(uid string, logger *zap.SugaredLogger) ([]string, error)
- func ListAuthorizedProjectByVerb(uid, resource, verb string, logger *zap.SugaredLogger) ([]string, error)
- func ListAuthorizedWorkflow(uid, projectKey string, logger *zap.SugaredLogger) ([]string, []string, error)
- func ListRoleByGID(gid string) ([]*types.Role, error)
- func ListRoleByUID(uid string) ([]*types.Role, error)
- func ListRoleTemplates(log *zap.SugaredLogger) ([]*types.RoleTemplate, error)
- func ListRolesByNamespace(projectName string, log *zap.SugaredLogger) ([]*types.Role, error)
- func ListRolesByNamespaceAndUserID(projectName, uid string, log *zap.SugaredLogger) ([]*types.Role, error)
- func Reset(args *ResetParams, logger *zap.SugaredLogger) error
- func SearchAndSyncUser(ldapId string, logger *zap.SugaredLogger) error
- func SearchUserByAccount(args *QueryArgs, logger *zap.SugaredLogger) (*types.UsersResp, error)
- func SearchUsers(args *QueryArgs, logger *zap.SugaredLogger) (*types.UsersResp, error)
- func SearchUsersByUIDs(uids []string, logger *zap.SugaredLogger) (*types.UsersResp, error)
- func SetProjectVisibility(namespace string, visible bool, log *zap.SugaredLogger) error
- func SyncUser(syncUserInfo *SyncUserInfo, ifUpdateLoginTime bool, logger *zap.SugaredLogger) (*models.User, error)
- func UpdatePassword(args *Password, logger *zap.SugaredLogger) error
- func UpdateRole(ns string, req *CreateRoleReq, log *zap.SugaredLogger) error
- func UpdateRoleBindingForUser(uid, namespace string, roles []string, log *zap.SugaredLogger) error
- func UpdateRoleBindingForUserGroup(gid, namespace string, roles []string, log *zap.SugaredLogger) error
- func UpdateRoleTemplate(req *CreateRoleReq, log *zap.SugaredLogger) error
- func UpdateUser(uid string, args *UpdateUserInfo, _ *zap.SugaredLogger) error
- func UpdateUserGroupInfo(groupID, name, description string, logger *zap.SugaredLogger) error
- func UpdateUserSetting(uid string, args *UserSetting) error
- func ValidateToken(tokenString string) (*login.Claims, bool, error)
- type Action
- type AuthorizedResources
- type BindingGroupInfo
- type BindingUserInfo
- type BuildActions
- type BusinessDirectoryActions
- type ClusterManagementActions
- type CreateRoleReq
- type DBInstanceManagementActions
- type DataCenterActions
- type DeliveryCenterActions
- type EnvActions
- type GetUserRulesByProjectResp
- type GetUserRulesResp
- type HelmRepoManagementActions
- type OpenAPIQueryArgs
- type Password
- type ProductionEnvActions
- type ProductionServiceActions
- type ProjectActions
- type QueryArgs
- type RegistryManagementActions
- type ReleaseCenterActions
- type ReleasePlanActions
- type ResetParams
- type ResourceDefinition
- type RetrieveResp
- type RoleBindingResp
- type S3StorageManagementActions
- type ScanningActions
- type ServiceActions
- type SyncUserInfo
- type SystemActions
- type SystemProjectActions
- type TemplateActions
- type TestActions
- type TestCenterActions
- type TestingOpt
- type UpdateUserInfo
- type User
- type UserGroupResp
- type UserSetting
- type VMManagementActions
- type VersionActions
- type WorkflowActions
Constants ¶
// Key, lock-name and record layouts built with fmt-style templates. Each
// *KeyFormat and *Lock constant takes a single argument; each *DataFormat
// constant packs one integer and two strings into a "++"-separated record.
//
// NOTE(review): presumably these back the role lookups that are documented as
// cached (ListActionByRole, ListRoleByUID, ListRoleByGID) -- confirm against
// the callers.
// NOTE(review): "++" is an in-band separator. If either string field can
// itself contain "++", a record could be split incorrectly when it is read
// back; confirm the fields are constrained or that the reader splits into at
// most three parts.
const (
	RoleActionKeyFormat = "role_action_%d" // %d: presumably the role ID -- TODO confirm
	UIDRoleKeyFormat    = "uid_role_%s"    // %s: presumably the user ID -- TODO confirm
	UIDRoleDataFormat   = "%d++%s++%s"
	UIDRoleLock         = "lock_uid_role_%s"
	GIDRoleKeyFormat    = "gid_role_%s" // %s: presumably the user-group ID -- TODO confirm
	GIDRoleDataFormat   = "%d++%s++%s"
	GIDRoleLock         = "lock_gid_role_%s"
)
// Built-in namespace and role name strings.
const (
	// GeneralNamespace is the literal "*".
	// NOTE(review): presumably it marks roles that are not tied to a single
	// project. Code that compares namespaces should handle this value
	// explicitly; confirm that a project can never be created with the name "*".
	GeneralNamespace = "*"

	// Role names. NOTE(review): presumably the defaults created by
	// CreateDefaultRolesForNamespace -- confirm.
	AdminRole        = "admin"
	ProjectAdminRole = "project-admin"
	ReadOnlyRole     = "read-only"
)
// Verb strings for namespaced resources, grouped by resource kind.
//
// Most values follow a <verb>_<resource> pattern, but not all of them do
// ("debug_pod", "ssh_pm", "production_debug_pod"), so compare against the
// constants rather than matching on a string prefix or suffix.
const (
	// delivery
	VerbGetDelivery    = "get_delivery"
	VerbCreateDelivery = "create_delivery"
	VerbDeleteDelivery = "delete_delivery"

	// test
	VerbGetTest    = "get_test"
	VerbCreateTest = "create_test"
	VerbEditTest   = "edit_test"
	VerbDeleteTest = "delete_test"
	VerbRunTest    = "run_test"

	// service
	VerbGetService    = "get_service"
	VerbCreateService = "create_service"
	VerbEditService   = "edit_service"
	VerbDeleteService = "delete_service"

	// production service
	VerbGetProductionService    = "get_production_service"
	VerbCreateProductionService = "create_production_service"
	VerbEditProductionService   = "edit_production_service"
	VerbDeleteProductionService = "delete_production_service"

	// build
	VerbGetBuild    = "get_build"
	VerbCreateBuild = "create_build"
	VerbEditBuild   = "edit_build"
	VerbDeleteBuild = "delete_build"

	// Workflow
	VerbGetWorkflow    = "get_workflow"
	VerbCreateWorkflow = "create_workflow"
	VerbEditWorkflow   = "edit_workflow"
	VerbDeleteWorkflow = "delete_workflow"
	VerbRunWorkflow    = "run_workflow"
	VerbDebugWorkflow  = "debug_workflow"

	// Environment
	// NOTE(review): debug_pod and ssh_pm presumably grant interactive access
	// to running workloads or hosts; treat them as high-privilege verbs when
	// composing roles -- confirm against the handlers that check them.
	VerbGetEnvironment      = "get_environment"
	VerbCreateEnvironment   = "create_environment"
	VerbConfigEnvironment   = "config_environment"
	VerbManageEnvironment   = "manage_environment"
	VerbDeleteEnvironment   = "delete_environment"
	VerbDebugEnvironmentPod = "debug_pod"
	VerbEnvironmentSSHPM    = "ssh_pm"

	// Production Environment
	// NOTE(review): production_debug_pod presumably grants interactive access
	// to production workloads; same caution as debug_pod -- confirm.
	VerbGetProductionEnv      = "get_production_environment"
	VerbCreateProductionEnv   = "create_production_environment"
	VerbConfigProductionEnv   = "config_production_environment"
	VerbEditProductionEnv     = "edit_production_environment"
	VerbDeleteProductionEnv   = "delete_production_environment"
	VerbDebugProductionEnvPod = "production_debug_pod"

	// Scanning
	VerbGetScan    = "get_scan"
	VerbCreateScan = "create_scan"
	VerbEditScan   = "edit_scan"
	VerbDeleteScan = "delete_scan"
	VerbRunScan    = "run_scan"
)
Namespaced Resources Actions
// Verb strings for system-level resources, grouped by resource kind.
//
// Several values do not follow the <verb>_<resource> pattern used by the rest
// ("get_test_detail", "get_release", "release_get", "delivery_get",
// "data_over", "efficiency_over", "edit_dashboard_config"), so compare against
// the constants rather than deriving the resource from the string.
const (
	// project
	VerbCreateProject = "create_project"
	VerbDeleteProject = "delete_project"

	// template store
	VerbCreateTemplate = "create_template"
	VerbGetTemplate    = "get_template"
	VerbEditTemplate   = "edit_template"
	VerbDeleteTemplate = "delete_template"

	// Quality center
	VerbViewTestCenter = "get_test_detail"

	// release center, deprecated after 1.7.0
	VerbViewReleaseCenter = "get_release"

	// delivery center
	VerbDeliveryCenterGetVersions = "release_get"
	VerbDeliveryCenterGetArtifact = "delivery_get"

	// data center
	VerbGetDataCenterOverview       = "data_over"
	VerbGetDataCenterInsight        = "efficiency_over"
	VerbEditDataCenterInsightConfig = "edit_dashboard_config"

	// release plan
	VerbGetReleasePlan    = "get_release_plan"
	VerbCreateReleasePlan = "create_release_plan"
	VerbEditReleasePlan   = "edit_release_plan"
	VerbDeleteReleasePlan = "delete_release_plan"

	// cluster management
	VerbGetClusterManagement    = "get_cluster_management"
	VerbCreateClusterManagement = "create_cluster_management"
	VerbEditClusterManagement   = "edit_cluster_management"
	VerbDeleteClusterManagement = "delete_cluster_management"

	// vm management
	VerbGetVMManagement    = "get_vm_management"
	VerbCreateVMManagement = "create_vm_management"
	VerbEditVMManagement   = "edit_vm_management"
	VerbDeleteVMManagement = "delete_vm_management"

	// registry management
	VerbGetRegistryManagement    = "get_registry_management"
	VerbCreateRegistryManagement = "create_registry_management"
	VerbEditRegistryManagement   = "edit_registry_management"
	VerbDeleteRegistryManagement = "delete_registry_management"

	// s3storage management
	VerbGetS3StorageManagement    = "get_s3storage_management"
	VerbCreateS3StorageManagement = "create_s3storage_management"
	VerbEditS3StorageManagement   = "edit_s3storage_management"
	VerbDeleteS3StorageManagement = "delete_s3storage_management"

	// helmrepo management
	VerbGetHelmRepoManagement    = "get_helmrepo_management"
	VerbCreateHelmRepoManagement = "create_helmrepo_management"
	VerbEditHelmRepoManagement   = "edit_helmrepo_management"
	VerbDeleteHelmRepoManagement = "delete_helmrepo_management"

	// business directory
	VerbGetBusinessDirectory = "get_business_directory"

	// dbinstance management
	VerbGetDBInstanceManagement    = "get_dbinstance_management"
	VerbCreateDBInstanceManagement = "create_dbinstance_management"
	VerbEditDBInstanceManagement   = "edit_dbinstance_management"
	VerbDeleteDBInstanceManagement = "delete_dbinstance_management"
)
system level authorization actions
// Regular-expression fragments, one per rule.
//
// NOTE(review): presumably the password-complexity rules applied by
// UpdatePassword / Reset / CreateUser -- confirm against the callers.
//
// None of the patterns is anchored, so each one is a "contains" test: a
// string passes when some substring matches. A caller must evaluate all four
// and require every one to match; a single combined match is not expressed
// here. No upper length bound and no special-character rule is defined in
// this block, so any such limit has to be enforced elsewhere.
const (
	UppercaseValidator = `[A-Z]+` // at least one ASCII upper-case letter
	LowercaseValidator = `[a-z]+` // at least one ASCII lower-case letter
	DigitValidator     = `\d+`    // at least one digit (in Go's regexp, \d is ASCII 0-9 only)
	LengthValidator    = `.{8,}`  // at least 8 consecutive characters; "." does not match a newline by default
)
const (
	// UserGroupCacheKeyFormat is a fmt-style template for a key with the
	// "user_group_" prefix and one string argument.
	// NOTE(review): presumably the argument is the uid used by
	// GetUserGroupByUID, which is documented as cached -- confirm.
	UserGroupCacheKeyFormat = "user_group_%s"
)
Variables ¶
// ActionMap maps a string key to a uint value and starts out empty.
//
// NOTE(review): this is an exported, package-level mutable map, so any
// importing package can add or overwrite entries, and Go maps are not safe for
// concurrent reads and writes. Since the values are presumably action IDs used
// in permission lookups, confirm that the map is populated once during
// start-up, before requests are served, and is treated as read-only afterwards.
var ActionMap = make(map[string]uint)
ActionMap is the local cache of all action IDs, keyed by action name. Note that actions cannot be changed after the service starts, so the local cache has no expiration mechanism.
Functions ¶
func BatchDeleteRole ¶ added in v2.3.1
func BulkAddUserToUserGroup ¶
func BulkAddUserToUserGroup(groupID string, uids []string, logger *zap.SugaredLogger) error
func BulkRemoveUserFromUserGroup ¶
func BulkRemoveUserFromUserGroup(groupID string, uids []string, logger *zap.SugaredLogger) error
func CheckDuplicateUser ¶
func CheckDuplicateUser(username string, logger *zap.SugaredLogger) error
func CreateDefaultRolesForNamespace ¶
func CreateDefaultRolesForNamespace(namespace string, log *zap.SugaredLogger) error
func CreateRole ¶
func CreateRole(ns string, req *CreateRoleReq, log *zap.SugaredLogger) error
func CreateRoleBindings ¶
func CreateRoleTemplate ¶ added in v2.3.1
func CreateRoleTemplate(req *CreateRoleReq, log *zap.SugaredLogger) error
func CreateUser ¶
func CreateUserGroup ¶
func CreateUserGroup(groupName, desc string, uids []string, logger *zap.SugaredLogger) error
func DeleteAllRolesInNamespace ¶
func DeleteAllRolesInNamespace(namespace string, log *zap.SugaredLogger) error
func DeleteRole ¶
func DeleteRole(name string, projectName string, log *zap.SugaredLogger) error
func DeleteRoleBindingForUser ¶
func DeleteRoleBindingForUser(uid, namespace string, log *zap.SugaredLogger) error
func DeleteRoleBindingForUserGroup ¶
func DeleteRoleBindingForUserGroup(gid, namespace string, log *zap.SugaredLogger) error
func DeleteRoleTemplate ¶ added in v2.3.1
func DeleteRoleTemplate(name string, log *zap.SugaredLogger) error
func DeleteUserByUID ¶
func DeleteUserByUID(uid string, logger *zap.SugaredLogger) error
func DeleteUserGroup ¶
func DeleteUserGroup(groupID string, logger *zap.SugaredLogger) error
func GetAllUserGroup ¶
func GetRole ¶
func GetRole(ns, name string, log *zap.SugaredLogger) (*types.DetailedRole, error)
func GetRoleTemplate ¶ added in v2.3.1
func GetRoleTemplate(name string, log *zap.SugaredLogger) (*types.DetailedRoleTemplate, error)
func GetUserCount ¶
func GetUserCount(logger *zap.SugaredLogger) (*types.UserStatistics, error)
func GetUserGroup ¶
func GetUserGroup(groupID string, logger *zap.SugaredLogger) (*types.DetailedUserGroupResp, error)
func GetUserGroupByUID ¶
GetUserGroupByUID lists the IDs of all groups that the user with the given [uid] belongs to, using the cache.
func GetUserSetting ¶
func GetUserSetting(uid string, logger *zap.SugaredLogger) (*types.UserSetting, error)
func IsPublicURL ¶
func ListActionByRole ¶
ListActionByRole lists all actions permitted by a role ID, using the cache. Note: global actions and project actions are currently mutually exclusive within a role, which is why this single function is used; change this function if necessary.
func ListAuthorizedEnvs ¶
func ListAuthorizedEnvs(uid, projectKey string, logger *zap.SugaredLogger) (readEnvList, editEnvList []string, err error)
func ListAuthorizedProject ¶
func ListAuthorizedProject(uid string, logger *zap.SugaredLogger) ([]string, error)
func ListAuthorizedProjectByVerb ¶
func ListAuthorizedProjectByVerb(uid, resource, verb string, logger *zap.SugaredLogger) ([]string, error)
func ListAuthorizedWorkflow ¶
func ListAuthorizedWorkflow(uid, projectKey string, logger *zap.SugaredLogger) ([]string, []string, error)
ListAuthorizedWorkflow lists all workflows authorized by collaboration mode
func ListRoleByGID ¶
ListRoleByGID lists all roles by gid with cache. WARNING: this function only returns roleID and namespace, DO NOT use other fields.
func ListRoleByUID ¶
ListRoleByUID lists all roles by uid with cache. WARNING: this function only returns roleID and namespace, DO NOT use other fields.
func ListRoleTemplates ¶ added in v2.3.1
func ListRoleTemplates(log *zap.SugaredLogger) ([]*types.RoleTemplate, error)
func ListRolesByNamespace ¶
ListRolesByNamespace lists roles. For roles in projects, system roles will be returned via lazy initialization.
func Reset ¶
func Reset(args *ResetParams, logger *zap.SugaredLogger) error
func SearchAndSyncUser ¶
func SearchAndSyncUser(ldapId string, logger *zap.SugaredLogger) error
func SearchUserByAccount ¶
func SearchUsers ¶
func SearchUsersByUIDs ¶
func SetProjectVisibility ¶
func SetProjectVisibility(namespace string, visible bool, log *zap.SugaredLogger) error
func SyncUser ¶
func SyncUser(syncUserInfo *SyncUserInfo, ifUpdateLoginTime bool, logger *zap.SugaredLogger) (*models.User, error)
func UpdatePassword ¶
func UpdatePassword(args *Password, logger *zap.SugaredLogger) error
func UpdateRole ¶
func UpdateRole(ns string, req *CreateRoleReq, log *zap.SugaredLogger) error
UpdateRole updates the role and its action binding.
func UpdateRoleBindingForUser ¶
func UpdateRoleBindingForUser(uid, namespace string, roles []string, log *zap.SugaredLogger) error
func UpdateRoleBindingForUserGroup ¶
func UpdateRoleBindingForUserGroup(gid, namespace string, roles []string, log *zap.SugaredLogger) error
func UpdateRoleTemplate ¶ added in v2.3.1
func UpdateRoleTemplate(req *CreateRoleReq, log *zap.SugaredLogger) error
func UpdateUser ¶
func UpdateUser(uid string, args *UpdateUserInfo, _ *zap.SugaredLogger) error
func UpdateUserGroupInfo ¶
func UpdateUserGroupInfo(groupID, name, description string, logger *zap.SugaredLogger) error
func UpdateUserSetting ¶
func UpdateUserSetting(uid string, args *UserSetting) error
Types ¶
type AuthorizedResources ¶
// AuthorizedResources is the result type of GetUserAuthInfo. It carries a
// system-admin flag, a map of per-key ProjectActions and a SystemActions
// pointer.
type AuthorizedResources struct {
	IsSystemAdmin bool `json:"is_system_admin"`
	// ProjectAuthInfo: the map key is presumably the project key -- TODO confirm.
	ProjectAuthInfo map[string]ProjectActions `json:"project_auth_info"`
	// SystemActions has no omitempty, so a nil pointer is encoded as JSON null.
	SystemActions *SystemActions `json:"system_actions"`
}
func GetUserAuthInfo ¶
func GetUserAuthInfo(uid string, logger *zap.SugaredLogger) (*AuthorizedResources, error)
type BindingGroupInfo ¶
type BindingUserInfo ¶
type BusinessDirectoryActions ¶
// BusinessDirectoryActions holds a single boolean flag.
type BusinessDirectoryActions struct {
	// View has no json tag, so encoding/json emits it under the key "View"
	// rather than a snake_case name.
	// NOTE(review): presumably corresponds to VerbGetBusinessDirectory -- confirm.
	View bool
}
type CreateRoleReq ¶
type DataCenterActions ¶
type DeliveryCenterActions ¶
type EnvActions ¶
type GetUserRulesByProjectResp ¶
// GetUserRulesByProjectResp is the result type of GetUserPermissionByProject.
// It carries two admin flags, a flat list of verbs and two maps from a string
// key to a list of verbs.
type GetUserRulesByProjectResp struct {
	IsSystemAdmin  bool     `json:"is_system_admin"`
	IsProjectAdmin bool     `json:"is_project_admin"`
	ProjectVerbs   []string `json:"project_verbs"`
	// Map keys are presumably workflow names and environment names
	// respectively -- TODO confirm.
	WorkflowVerbsMap    map[string][]string `json:"workflow_verbs_map"`
	EnvironmentVerbsMap map[string][]string `json:"environment_verbs_map"`
}
func GetUserPermissionByProject ¶
func GetUserPermissionByProject(uid, projectName string, log *zap.SugaredLogger) (*GetUserRulesByProjectResp, error)
type GetUserRulesResp ¶
// GetUserRulesResp is the result type of GetUserRules. It carries a
// system-admin flag, a list of strings named ProjectAdminList and a list of
// system verbs.
type GetUserRulesResp struct {
	IsSystemAdmin bool `json:"is_system_admin"`
	// ProjectAdminList: presumably the projects in which the user holds the
	// project-admin role -- TODO confirm.
	ProjectAdminList []string `json:"project_admin_list"`
	SystemVerbs      []string `json:"system_verbs"`
}
func GetUserRules ¶
func GetUserRules(uid string, log *zap.SugaredLogger) (*GetUserRulesResp, error)
type OpenAPIQueryArgs ¶
type ProductionEnvActions ¶
type ProjectActions ¶
// ProjectActions groups one project-admin flag with a pointer to an action
// set for each namespaced resource kind. It is the value type of
// AuthorizedResources.ProjectAuthInfo.
type ProjectActions struct {
	// NOTE(review): the Go field is IsProjectAdmin but the JSON key is
	// "is_system_admin". AuthorizedResources already uses "is_system_admin" for
	// its own IsSystemAdmin field, so a consumer reading this key inside a
	// project entry could mistake project-admin status for system-admin status.
	// This looks like a copy-paste slip; renaming the key changes the wire
	// format, so confirm what clients expect before changing it.
	IsProjectAdmin bool `json:"is_system_admin"`

	// None of the pointers below uses omitempty, so a nil pointer is encoded
	// as JSON null.
	Workflow          *WorkflowActions          `json:"workflow"`
	Env               *EnvActions               `json:"env"`
	ProductionEnv     *ProductionEnvActions     `json:"production_env"`
	Service           *ServiceActions           `json:"service"`
	ProductionService *ProductionServiceActions `json:"production_service"`
	Build             *BuildActions             `json:"build"`
	Test              *TestActions              `json:"test"`
	Scanning          *ScanningActions          `json:"scanning"`
	Version           *VersionActions           `json:"version"`
}
type QueryArgs ¶
// QueryArgs is the argument type of SearchUsers and SearchUserByAccount.
// Account, PerPage and Page also carry form tags in addition to their json
// tags.
type QueryArgs struct {
	Name         string   `json:"name,omitempty"`
	Account      string   `json:"account,omitempty" form:"account"`
	IdentityType string   `json:"identity_type,omitempty"`
	UIDs         []string `json:"uids,omitempty"`
	// NOTE(review): no bounds are expressed on PerPage or Page here. Confirm
	// that the callers reject negative values and cap PerPage so that a single
	// request cannot ask for an unbounded page.
	PerPage int `json:"per_page,omitempty" form:"perPage"`
	Page    int `json:"page,omitempty" form:"page"`
}
type ReleaseCenterActions ¶
// ReleaseCenterActions holds a single boolean flag.
type ReleaseCenterActions struct {
	// View has no json tag, so encoding/json emits it under the key "View"
	// rather than a snake_case name.
	// NOTE(review): presumably corresponds to VerbViewReleaseCenter, whose
	// comment marks the release center as deprecated after 1.7.0 -- confirm.
	View bool
}
type ReleasePlanActions ¶
type ResetParams ¶
type ResourceDefinition ¶
// ResourceDefinition is the element type returned by
// GetResourceActionDefinitions: a resource name, an alias and the list of
// Action rules attached to it.
type ResourceDefinition struct {
	Resource string `json:"resource"`
	// Alias: presumably a display name for Resource -- TODO confirm.
	Alias string    `json:"alias"`
	Rules []*Action `json:"rules"`
}
func GetResourceActionDefinitions ¶
func GetResourceActionDefinitions(scope, envType string, log *zap.SugaredLogger) ([]*ResourceDefinition, error)
type RetrieveResp ¶
// RetrieveResp is the result type of Retrieve, which takes an account name.
type RetrieveResp struct {
	// NOTE(review): Retrieve presumably belongs to the password-recovery flow.
	// If it can be called without authentication, returning the full address
	// for an arbitrary account name discloses it to the caller and lets a
	// client tell existing accounts from missing ones; confirm the value is
	// masked or the endpoint is protected.
	Email string `json:"email"`
}
func Retrieve ¶
func Retrieve(account string, logger *zap.SugaredLogger) (*RetrieveResp, error)
type RoleBindingResp ¶
// RoleBindingResp is the element type returned by ListRoleBindings: a binding
// type, optional user or group details, and the bound role names.
type RoleBindingResp struct {
	// BindingType: presumably tells whether UserInfo or GroupInfo is
	// populated -- TODO confirm the allowed values.
	BindingType string `json:"binding_type"`
	// UserInfo and GroupInfo use omitempty, so a nil pointer is left out of
	// the JSON output.
	UserInfo  *BindingUserInfo  `json:"user_info,omitempty"`
	GroupInfo *BindingGroupInfo `json:"group_info,omitempty"`
	Roles     []string          `json:"roles"`
}
func ListRoleBindings ¶
func ListRoleBindings(ns, uid, gid string, log *zap.SugaredLogger) ([]*RoleBindingResp, error)
type ScanningActions ¶
type SyncUserInfo ¶
type SystemActions ¶
// SystemActions groups a pointer to an action set for each system-level
// resource kind. It is referenced by AuthorizedResources.SystemActions.
//
// None of the fields uses omitempty, so a nil pointer is encoded as JSON null.
type SystemActions struct {
	Project              *SystemProjectActions        `json:"project"`
	Template             *TemplateActions             `json:"template"`
	TestCenter           *TestCenterActions           `json:"test_center"`
	ReleaseCenter        *ReleaseCenterActions        `json:"release_center"`
	DeliveryCenter       *DeliveryCenterActions       `json:"delivery_center"`
	DataCenter           *DataCenterActions           `json:"data_center"`
	ReleasePlan          *ReleasePlanActions          `json:"release_plan"`
	BusinessDirectory    *BusinessDirectoryActions    `json:"business_directory"`
	ClusterManagement    *ClusterManagementActions    `json:"cluster_management"`
	VMManagement         *VMManagementActions         `json:"vm_management"`
	RegistryManagement   *RegistryManagementActions   `json:"registry_management"`
	S3StorageManagement  *S3StorageManagementActions  `json:"s3storage_management"`
	HelmRepoManagement   *HelmRepoManagementActions   `json:"helmrepo_management"`
	DBInstanceManagement *DBInstanceManagementActions `json:"dbinstance_management"`
}
type SystemProjectActions ¶
type TestActions ¶
type TestCenterActions ¶
// TestCenterActions holds a single boolean flag.
type TestCenterActions struct {
	// View has no json tag, so encoding/json emits it under the key "View"
	// rather than a snake_case name.
	// NOTE(review): presumably corresponds to VerbViewTestCenter -- confirm.
	View bool
}
type TestingOpt ¶
// TestingOpt describes one test entry: identifying fields, update metadata,
// optional statistics, optional workflows and the list of verbs.
type TestingOpt struct {
	Name        string `json:"name"`
	ProductName string `json:"product_name"`
	Desc        string `json:"desc"`
	// UpdateTime: presumably a Unix timestamp -- TODO confirm the unit.
	UpdateTime int64  `json:"update_time"`
	UpdateBy   string `json:"update_by"`
	// The statistics and Workflows use omitempty, so zero values and a nil
	// slice are left out of the JSON output.
	TestCaseNum int                    `json:"test_case_num,omitempty"`
	ExecuteNum  int                    `json:"execute_num,omitempty"`
	PassRate    float64                `json:"pass_rate,omitempty"`
	AvgDuration float64                `json:"avg_duration,omitempty"`
	Workflows   []*aslanmodels.Workflow `json:"workflows,omitempty"`
	// Verbs: presumably the verbs the requesting user holds on this test --
	// TODO confirm.
	Verbs []string `json:"verbs"`
}
type UpdateUserInfo ¶
type UserGroupResp ¶
// UserGroupResp is the element type returned by ListUserGroups and
// ListUserGroupsByUid: a group's identifier, name, description, type and
// member count.
type UserGroupResp struct {
	ID          string `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`
	// Type: allowed values are not visible here -- TODO confirm.
	Type      string `json:"type"`
	UserTotal int64  `json:"user_total"`
}
func ListUserGroups ¶
func ListUserGroups(queryName string, pageNum, pageSize int, logger *zap.SugaredLogger) ([]*UserGroupResp, int64, error)
func ListUserGroupsByUid ¶ added in v2.3.1
func ListUserGroupsByUid(uid string, logger *zap.SugaredLogger) ([]*UserGroupResp, int64, error)