permission

package
v1.9.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 24, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

const (
	// GeneralNamespace is the wildcard namespace value "*".
	// NOTE(review): presumably a role or binding stored under "*" applies
	// outside any single project — confirm against the role lookup code, and
	// make sure a caller-supplied namespace string can never be "*" unchecked.
	GeneralNamespace = "*"

	// Names of the built-in roles. They are plain strings, so any comparison
	// against them is an exact, case-sensitive match.
	// NOTE(review): presumably these are the roles created by
	// CreateDefaultRolesForNamespace — confirm.
	AdminRole        = "admin"
	ProjectAdminRole = "project-admin"
	ReadOnlyRole     = "read-only"
)
// Action names (verbs) for namespaced resources. Each constant is the string
// form of one action; the strings are what get stored and compared, so they
// must match exactly.
const (
	// delivery
	VerbGetDelivery    = "get_delivery"
	VerbCreateDelivery = "create_delivery"
	VerbDeleteDelivery = "delete_delivery"
	// test
	VerbGetTest    = "get_test"
	VerbCreateTest = "create_test"
	VerbEditTest   = "edit_test"
	VerbDeleteTest = "delete_test"
	VerbRunTest    = "run_test"
	// service
	VerbGetService    = "get_service"
	VerbCreateService = "create_service"
	VerbEditService   = "edit_service"
	VerbDeleteService = "delete_service"
	// production service
	VerbGetProductionService    = "get_production_service"
	VerbCreateProductionService = "create_production_service"
	VerbEditProductionService   = "edit_production_service"
	VerbDeleteProductionService = "delete_production_service"
	// build
	VerbGetBuild    = "get_build"
	VerbCreateBuild = "create_build"
	VerbEditBuild   = "edit_build"
	VerbDeleteBuild = "delete_build"
	// Workflow
	VerbGetWorkflow    = "get_workflow"
	VerbCreateWorkflow = "create_workflow"
	VerbEditWorkflow   = "edit_workflow"
	VerbDeleteWorkflow = "delete_workflow"
	VerbRunWorkflow    = "run_workflow"
	VerbDebugWorkflow  = "debug_workflow"
	// Environment
	// NOTE(review): debug_pod and ssh_pm presumably allow interactive access
	// to a running pod or host; treat them as high-privilege when composing
	// roles and confirm which handlers check them.
	VerbGetEnvironment      = "get_environment"
	VerbCreateEnvironment   = "create_environment"
	VerbConfigEnvironment   = "config_environment"
	VerbManageEnvironment   = "manage_environment"
	VerbDeleteEnvironment   = "delete_environment"
	VerbDebugEnvironmentPod = "debug_pod"
	VerbEnvironmentSSHPM    = "ssh_pm"
	// Production Environment
	// This group has an edit verb but no manage or SSH verb, unlike the
	// non-production group above; the debug verb string carries the
	// "production_" prefix in front ("production_debug_pod").
	VerbGetProductionEnv      = "get_production_environment"
	VerbCreateProductionEnv   = "create_production_environment"
	VerbConfigProductionEnv   = "config_production_environment"
	VerbEditProductionEnv     = "edit_production_environment"
	VerbDeleteProductionEnv   = "delete_production_environment"
	VerbDebugProductionEnvPod = "production_debug_pod"
	// Scanning
	VerbGetScan    = "get_scan"
	VerbCreateScan = "create_scan"
	VerbEditScan   = "edit_scan"
	VerbDeleteScan = "delete_scan"
	VerbRunScan    = "run_scan"
)

Namespaced Resources Actions

// System-level authorization actions. Each constant is the string form of one
// action. Several string values do not follow the verb_resource pattern of the
// constant name (for example "get_test_detail", "release_get", "delivery_get",
// "data_over", "efficiency_over"), so always refer to the constant rather than
// retyping the string.
const (
	// project
	VerbCreateProject = "create_project"
	VerbDeleteProject = "delete_project"
	// template store
	VerbCreateTemplate = "create_template"
	VerbGetTemplate    = "get_template"
	VerbEditTemplate   = "edit_template"
	VerbDeleteTemplate = "delete_template"
	// Quality center
	VerbViewTestCenter = "get_test_detail"
	// release center, deprecated after 1.7.0
	VerbViewReleaseCenter = "get_release"
	// delivery center
	VerbDeliveryCenterGetVersions = "release_get"
	VerbDeliveryCenterGetArtifact = "delivery_get"
	// data center
	VerbGetDataCenterOverview       = "data_over"
	VerbGetDataCenterInsight        = "efficiency_over"
	VerbEditDataCenterInsightConfig = "edit_dashboard_config"
	// release plan
	VerbGetReleasePlan    = "get_release_plan"
	VerbCreateReleasePlan = "create_release_plan"
	VerbEditReleasePlan   = "edit_release_plan"
	VerbDeleteReleasePlan = "delete_release_plan"
	// cluster management
	VerbGetClusterManagement    = "get_cluster_management"
	VerbCreateClusterManagement = "create_cluster_management"
	VerbEditClusterManagement   = "edit_cluster_management"
	VerbDeleteClusterManagement = "delete_cluster_management"
	// vm management
	VerbGetVMManagement    = "get_vm_management"
	VerbCreateVMManagement = "create_vm_management"
	VerbEditVMManagement   = "edit_vm_management"
	VerbDeleteVMManagement = "delete_vm_management"
	// registry management
	VerbGetRegistryManagement    = "get_registry_management"
	VerbCreateRegistryManagement = "create_registry_management"
	VerbEditRegistryManagement   = "edit_registry_management"
	VerbDeleteRegistryManagement = "delete_registry_management"
	// s3storage management
	VerbGetS3StorageManagement    = "get_s3storage_management"
	VerbCreateS3StorageManagement = "create_s3storage_management"
	VerbEditS3StorageManagement   = "edit_s3storage_management"
	VerbDeleteS3StorageManagement = "delete_s3storage_management"
	// helmrepo management
	VerbGetHelmRepoManagement    = "get_helmrepo_management"
	VerbCreateHelmRepoManagement = "create_helmrepo_management"
	VerbEditHelmRepoManagement   = "edit_helmrepo_management"
	VerbDeleteHelmRepoManagement = "delete_helmrepo_management"
	// business directory
	VerbGetBusinessDirectory = "get_business_directory"
	// dbinstance management
	VerbGetDBInstanceManagement    = "get_dbinstance_management"
	VerbCreateDBInstanceManagement = "create_dbinstance_management"
	VerbEditDBInstanceManagement   = "edit_dbinstance_management"
	VerbDeleteDBInstanceManagement = "delete_dbinstance_management"
)

System-level authorization actions.

Variables

// ActionMap is the local cache of action IDs, keyed by action name.
// It is an exported package-level map, so any importing package can read or
// overwrite its entries, and no lock is declared next to it.
// NOTE(review): presumably filled once at startup and only read afterwards —
// confirm; writing to a Go map while other goroutines read it is a data race,
// and a wrong ID here would change which action a permission check resolves to.
var ActionMap = make(map[string]uint)

ActionMap is the local cache of all action IDs; the key is the action name. Note that there is no way to change an action after the service starts, so the local cache has no expiration mechanism.

Functions

func CheckCollaborationModePermission

func CheckCollaborationModePermission(uid, projectKey, resource, resourceName, action string) (hasPermission bool, err error)

func CheckPermissionGivenByCollaborationMode

func CheckPermissionGivenByCollaborationMode(uid, projectKey, resource, action string) (hasPermission bool, err error)

func CreateDefaultRolesForNamespace

func CreateDefaultRolesForNamespace(namespace string, log *zap.SugaredLogger) error

func CreateRole

func CreateRole(ns string, req *CreateRoleReq, log *zap.SugaredLogger) error

func CreateRoleBindings

func CreateRoleBindings(role, ns string, identityList []*types.Identity, log *zap.SugaredLogger) error

func DeleteAllRolesInNamespace

func DeleteAllRolesInNamespace(namespace string, log *zap.SugaredLogger) error

func DeleteRole

func DeleteRole(name string, projectName string, log *zap.SugaredLogger) error

func DeleteRoleBindingForUser

func DeleteRoleBindingForUser(uid, namespace string, log *zap.SugaredLogger) error

func DeleteRoleBindingForUserGroup

func DeleteRoleBindingForUserGroup(gid, namespace string, log *zap.SugaredLogger) error

func GetRole

func GetRole(ns, name string, log *zap.SugaredLogger) (*types.DetailedRole, error)

func InitializeProjectAuthorization

func InitializeProjectAuthorization(namespace string, isPublic bool, admins []string, log *zap.SugaredLogger) error

func IsPublicURL

func IsPublicURL(reqPath, method string) bool

func ListAuthorizedEnvs

func ListAuthorizedEnvs(uid, projectKey string, logger *zap.SugaredLogger) (readEnvList, editEnvList []string, err error)

func ListAuthorizedProject

func ListAuthorizedProject(uid string, logger *zap.SugaredLogger) ([]string, error)

func ListAuthorizedProjectByVerb

func ListAuthorizedProjectByVerb(uid, resource, verb string, logger *zap.SugaredLogger) ([]string, error)

func ListAuthorizedWorkflow

func ListAuthorizedWorkflow(uid, projectKey string, logger *zap.SugaredLogger) ([]string, []string, error)

ListAuthorizedWorkflow lists all workflows authorized by collaboration mode

func ListRolesByNamespace

func ListRolesByNamespace(projectName string, log *zap.SugaredLogger) ([]*types.Role, error)

func ListRolesByNamespaceAndUserID

func ListRolesByNamespaceAndUserID(projectName, uid string, log *zap.SugaredLogger) ([]*types.Role, error)

func SetProjectVisibility

func SetProjectVisibility(namespace string, visible bool, log *zap.SugaredLogger) error

func UpdateRole

func UpdateRole(ns string, req *CreateRoleReq, log *zap.SugaredLogger) error

UpdateRole updates the role and its action binding.

func UpdateRoleBindingForUser

func UpdateRoleBindingForUser(uid, namespace string, roles []string, log *zap.SugaredLogger) error

func UpdateRoleBindingForUserGroup

func UpdateRoleBindingForUserGroup(gid, namespace string, roles []string, log *zap.SugaredLogger) error

func ValidateToken

func ValidateToken(tokenString string) (*login.Claims, bool, error)

ValidateToken checks whether the token is valid and, if it is, returns the claims that belong to it.

Types

type Action

// Action pairs an action name with an alias. It is the element type of
// ResourceDefinition.Rules.
// NOTE(review): Alias is presumably a display name for the action — confirm.
type Action struct {
	Action string `json:"action"`
	Alias  string `json:"alias"`
}

type AuthorizedResources

// AuthorizedResources is the result type of GetUserAuthInfo: a system-admin
// flag, a per-project map of ProjectActions, and the system-level actions.
// NOTE(review): the ProjectAuthInfo keys are presumably project keys — confirm.
// NOTE(review): nested ProjectActions values also serialize a field under the
// JSON key "is_system_admin"; a consumer must read that key only at this top
// level to learn whether the user is a system administrator.
type AuthorizedResources struct {
	IsSystemAdmin   bool                      `json:"is_system_admin"`
	ProjectAuthInfo map[string]ProjectActions `json:"project_auth_info"`
	SystemActions   *SystemActions            `json:"system_actions"`
}

func GetUserAuthInfo

func GetUserAuthInfo(uid string, logger *zap.SugaredLogger) (*AuthorizedResources, error)

type BindingGroupInfo

// BindingGroupInfo identifies a user group in a role binding by group ID and
// name. It is the type of RoleBindingResp.GroupInfo.
type BindingGroupInfo struct {
	GID  string `json:"group_id"`
	Name string `json:"name"`
}

type BindingUserInfo

// BindingUserInfo identifies a user in a role binding. It is the type of
// RoleBindingResp.UserInfo.
// NOTE(review): IdentityType presumably names the identity provider the
// account comes from — confirm.
type BindingUserInfo struct {
	IdentityType string `json:"identity_type"`
	UID          string `json:"uid"`
	Account      string `json:"account"`
	Username     string `json:"username"`
}

type BuildActions

// BuildActions holds one boolean flag per build action: View, Create, Edit
// and Delete. It is the type of ProjectActions.Build.
// NOTE(review): presumably each flag mirrors the matching Verb*Build
// constant — confirm where the struct is populated.
type BuildActions struct {
	View   bool
	Create bool
	Edit   bool
	Delete bool
}

type BusinessDirectoryActions

// BusinessDirectoryActions holds the single View flag for the business
// directory. It is the type of SystemActions.BusinessDirectory.
// NOTE(review): presumably mirrors VerbGetBusinessDirectory — confirm.
type BusinessDirectoryActions struct {
	View bool
}

type ClusterManagementActions

// ClusterManagementActions holds one boolean flag per cluster-management
// action: Create, View, Edit and Delete. It is the type of
// SystemActions.ClusterManagement.
// NOTE(review): presumably each flag mirrors the matching
// Verb*ClusterManagement constant — confirm where the struct is populated.
type ClusterManagementActions struct {
	Create bool
	View   bool
	Edit   bool
	Delete bool
}

type CreateRoleReq

// CreateRoleReq is the request type taken by both CreateRole and UpdateRole:
// a role name, the list of action names to attach, and a namespace.
// NOTE(review): CreateRole and UpdateRole also receive a separate ns argument;
// which of ns and Namespace wins is not visible here. If this struct is decoded
// from a client request, the Namespace field should not be trusted over the
// namespace the caller was authorized for — confirm in the implementation.
// NOTE(review): Actions are plain strings; presumably they are validated
// against the known action names (see ActionMap) — confirm.
type CreateRoleReq struct {
	Name      string   `json:"name"`
	Actions   []string `json:"actions"`
	Namespace string   `json:"namespace"`
	Desc      string   `json:"desc,omitempty"`
	Type      string   `json:"type,omitempty"`
}

type DBInstanceManagementActions

// DBInstanceManagementActions holds one boolean flag per database-instance
// management action: Create, View, Edit and Delete. It is the type of
// SystemActions.DBInstanceManagement.
// NOTE(review): presumably each flag mirrors the matching
// Verb*DBInstanceManagement constant — confirm where the struct is populated.
type DBInstanceManagementActions struct {
	Create bool
	View   bool
	Edit   bool
	Delete bool
}

type DataCenterActions

// DataCenterActions holds the boolean flags for the data center: viewing the
// overview, viewing insight, and editing the insight configuration. It is the
// type of SystemActions.DataCenter.
// NOTE(review): presumably these mirror VerbGetDataCenterOverview,
// VerbGetDataCenterInsight and VerbEditDataCenterInsightConfig — confirm.
type DataCenterActions struct {
	ViewOverView      bool
	ViewInsight       bool
	EditInsightConfig bool
}

type DeliveryCenterActions

// DeliveryCenterActions holds the two view flags for the delivery center. It
// is the type of SystemActions.DeliveryCenter.
// NOTE(review): presumably these mirror VerbDeliveryCenterGetArtifact and
// VerbDeliveryCenterGetVersions — confirm.
type DeliveryCenterActions struct {
	ViewArtifact bool
	ViewVersion  bool
}

type EnvActions

// EnvActions holds one boolean flag per environment action. It is the type of
// ProjectActions.Env.
// NOTE(review): presumably the flags mirror the Verb*Environment constants,
// with DebugPod and SSH corresponding to VerbDebugEnvironmentPod and
// VerbEnvironmentSSHPM — confirm. Those two presumably allow interactive
// access and deserve the closest review when a role enables them.
type EnvActions struct {
	View   bool
	Create bool
	// Configuration.
	EditConfig bool
	// Manage service instances.
	ManagePods bool
	Delete     bool
	DebugPod   bool
	// Host login.
	SSH bool
}

type GetUserRulesByProjectResp

// GetUserRulesByProjectResp is the result type of GetUserPermissionByProject:
// the two admin flags, the list of project-level verbs, and per-name verb lists
// for workflows and environments.
// NOTE(review): the map keys are presumably workflow and environment names,
// and the per-resource verbs presumably come from collaboration mode —
// confirm.
type GetUserRulesByProjectResp struct {
	IsSystemAdmin       bool                `json:"is_system_admin"`
	IsProjectAdmin      bool                `json:"is_project_admin"`
	ProjectVerbs        []string            `json:"project_verbs"`
	WorkflowVerbsMap    map[string][]string `json:"workflow_verbs_map"`
	EnvironmentVerbsMap map[string][]string `json:"environment_verbs_map"`
}

func GetUserPermissionByProject

func GetUserPermissionByProject(uid, projectName string, log *zap.SugaredLogger) (*GetUserRulesByProjectResp, error)

type GetUserRulesResp

// GetUserRulesResp is the result type of GetUserRules: the system-admin flag,
// the list of projects the user administers, a per-project verb map, and the
// list of system-level verbs.
// NOTE(review): the ProjectVerbMap keys are presumably project names —
// confirm.
type GetUserRulesResp struct {
	IsSystemAdmin    bool                `json:"is_system_admin"`
	ProjectAdminList []string            `json:"project_admin_list"`
	ProjectVerbMap   map[string][]string `json:"project_verb_map"`
	SystemVerbs      []string            `json:"system_verbs"`
}

func GetUserRules

func GetUserRules(uid string, log *zap.SugaredLogger) (*GetUserRulesResp, error)

type HelmRepoManagementActions

// HelmRepoManagementActions holds one boolean flag per Helm-repository
// management action: Create, View, Edit and Delete. It is the type of
// SystemActions.HelmRepoManagement.
// NOTE(review): presumably each flag mirrors the matching
// Verb*HelmRepoManagement constant — confirm where the struct is populated.
type HelmRepoManagementActions struct {
	Create bool
	View   bool
	Edit   bool
	Delete bool
}

type ProductionEnvActions

// ProductionEnvActions holds one boolean flag per production-environment
// action. It is the type of ProjectActions.ProductionEnv. Unlike EnvActions it
// has no SSH flag.
// NOTE(review): the production verb constants include an edit verb
// (VerbEditProductionEnv) but no manage verb, while this struct has ManagePods
// and no Edit field; presumably ManagePods is driven by the edit verb —
// confirm, since a mismatch would grant or hide pod management unexpectedly.
type ProductionEnvActions struct {
	View   bool
	Create bool
	// Configuration.
	EditConfig bool
	// Manage service instances.
	ManagePods bool
	Delete     bool
	DebugPod   bool
}

type ProductionServiceActions

// ProductionServiceActions holds one boolean flag per production-service
// action: View, Create, Edit and Delete. It is the type of
// ProjectActions.ProductionService.
// NOTE(review): presumably each flag mirrors the matching
// Verb*ProductionService constant — confirm where the struct is populated.
type ProductionServiceActions struct {
	View   bool
	Create bool
	Edit   bool
	Delete bool
}

type ProjectActions

// ProjectActions groups the per-resource action flags a user holds in one
// project. It is the value type of AuthorizedResources.ProjectAuthInfo.
type ProjectActions struct {
	// NOTE(review): the field is named IsProjectAdmin but its JSON key is
	// "is_system_admin", the same key AuthorizedResources uses for the real
	// system-admin flag. This looks like a copy-paste slip; a client that reads
	// the key without regard to nesting could treat a project admin as a
	// system admin. The tag is left as is here because changing it alters the
	// wire format — confirm with API consumers before renaming it to
	// "is_project_admin".
	IsProjectAdmin    bool                      `json:"is_system_admin"`
	Workflow          *WorkflowActions          `json:"workflow"`
	Env               *EnvActions               `json:"env"`
	ProductionEnv     *ProductionEnvActions     `json:"production_env"`
	Service           *ServiceActions           `json:"service"`
	ProductionService *ProductionServiceActions `json:"production_service"`
	Build             *BuildActions             `json:"build"`
	Test              *TestActions              `json:"test"`
	Scanning          *ScanningActions          `json:"scanning"`
	Version           *VersionActions           `json:"version"`
}

type RegistryManagementActions

// RegistryManagementActions holds one boolean flag per registry-management
// action: Create, View, Edit and Delete. It is the type of
// SystemActions.RegistryManagement.
// NOTE(review): presumably each flag mirrors the matching
// Verb*RegistryManagement constant — confirm where the struct is populated.
type RegistryManagementActions struct {
	Create bool
	View   bool
	Edit   bool
	Delete bool
}

type ReleaseCenterActions

// ReleaseCenterActions holds the single View flag for the release center. It
// is the type of SystemActions.ReleaseCenter.
// NOTE(review): presumably mirrors VerbViewReleaseCenter, which is commented
// as deprecated after 1.7.0 — confirm whether this flag is still set.
type ReleaseCenterActions struct {
	View bool
}

type ReleasePlanActions

// ReleasePlanActions holds one boolean flag per release-plan action: Create,
// View, Edit and Delete. It is the type of SystemActions.ReleasePlan.
// NOTE(review): presumably each flag mirrors the matching Verb*ReleasePlan
// constant — confirm where the struct is populated.
type ReleasePlanActions struct {
	Create bool
	View   bool
	Edit   bool
	Delete bool
}

type ResourceDefinition

// ResourceDefinition describes one resource and the actions defined on it. It
// is the element type returned by GetResourceActionDefinitions.
// NOTE(review): Alias is presumably a display name for the resource —
// confirm.
type ResourceDefinition struct {
	Resource string    `json:"resource"`
	Alias    string    `json:"alias"`
	Rules    []*Action `json:"rules"`
}

func GetResourceActionDefinitions

func GetResourceActionDefinitions(scope, envType string, log *zap.SugaredLogger) ([]*ResourceDefinition, error)

type RoleBindingResp

// RoleBindingResp is the element type returned by ListRoleBindings: the roles
// bound to one user or one group. UserInfo and GroupInfo are both tagged
// omitempty, so a nil pointer is left out of the JSON.
// NOTE(review): BindingType presumably says which of UserInfo and GroupInfo is
// set — confirm.
type RoleBindingResp struct {
	BindingType string            `json:"binding_type"`
	UserInfo    *BindingUserInfo  `json:"user_info,omitempty"`
	GroupInfo   *BindingGroupInfo `json:"group_info,omitempty"`
	Roles       []string          `json:"roles"`
}

func ListRoleBindings

func ListRoleBindings(ns, uid, gid string, log *zap.SugaredLogger) ([]*RoleBindingResp, error)

type S3StorageManagementActions

// S3StorageManagementActions holds one boolean flag per S3-storage management
// action: Create, View, Edit and Delete. It is the type of
// SystemActions.S3StorageManagement.
// NOTE(review): presumably each flag mirrors the matching
// Verb*S3StorageManagement constant — confirm where the struct is populated.
type S3StorageManagementActions struct {
	Create bool
	View   bool
	Edit   bool
	Delete bool
}

type ScanningActions

// ScanningActions holds one boolean flag per scanning action: View, Create,
// Edit, Delete and Execute. It is the type of ProjectActions.Scanning.
// NOTE(review): presumably each flag mirrors the matching Verb*Scan constant,
// with Execute corresponding to VerbRunScan — confirm.
type ScanningActions struct {
	View    bool
	Create  bool
	Edit    bool
	Delete  bool
	Execute bool
}

type ServiceActions

// ServiceActions holds one boolean flag per service action: View, Create,
// Edit and Delete. It is the type of ProjectActions.Service.
// NOTE(review): presumably each flag mirrors the matching Verb*Service
// constant — confirm where the struct is populated.
type ServiceActions struct {
	View   bool
	Create bool
	Edit   bool
	Delete bool
}

type SystemActions

// SystemActions groups the system-level action flags a user holds, one
// pointer field per system area. It is the type of
// AuthorizedResources.SystemActions.
// NOTE(review): every field is a pointer, so a consumer has to handle nil;
// whether nil means "no permission" or "not evaluated" is not visible here —
// confirm, and default to deny.
type SystemActions struct {
	Project              *SystemProjectActions        `json:"project"`
	Template             *TemplateActions             `json:"template"`
	TestCenter           *TestCenterActions           `json:"test_center"`
	ReleaseCenter        *ReleaseCenterActions        `json:"release_center"`
	DeliveryCenter       *DeliveryCenterActions       `json:"delivery_center"`
	DataCenter           *DataCenterActions           `json:"data_center"`
	ReleasePlan          *ReleasePlanActions          `json:"release_plan"`
	BusinessDirectory    *BusinessDirectoryActions    `json:"business_directory"`
	ClusterManagement    *ClusterManagementActions    `json:"cluster_management"`
	VMManagement         *VMManagementActions         `json:"vm_management"`
	RegistryManagement   *RegistryManagementActions   `json:"registry_management"`
	S3StorageManagement  *S3StorageManagementActions  `json:"s3storage_management"`
	HelmRepoManagement   *HelmRepoManagementActions   `json:"helmrepo_management"`
	DBInstanceManagement *DBInstanceManagementActions `json:"dbinstance_management"`
}

type SystemProjectActions

// SystemProjectActions holds the Create and Delete flags for projects at
// system level. It is the type of SystemActions.Project.
// NOTE(review): presumably these mirror VerbCreateProject and
// VerbDeleteProject — confirm.
type SystemProjectActions struct {
	Create bool
	Delete bool
}

type TemplateActions

// TemplateActions holds one boolean flag per template-store action: Create,
// View, Edit and Delete. It is the type of SystemActions.Template.
// NOTE(review): presumably each flag mirrors the matching Verb*Template
// constant — confirm where the struct is populated.
type TemplateActions struct {
	Create bool
	View   bool
	Edit   bool
	Delete bool
}

type TestActions

// TestActions holds one boolean flag per test action: View, Create, Edit,
// Delete and Execute. It is the type of ProjectActions.Test.
// NOTE(review): presumably each flag mirrors the matching Verb*Test constant,
// with Execute corresponding to VerbRunTest — confirm.
type TestActions struct {
	View    bool
	Create  bool
	Edit    bool
	Delete  bool
	Execute bool
}

type TestCenterActions

// TestCenterActions holds the single View flag for the test center. It is the
// type of SystemActions.TestCenter.
// NOTE(review): presumably mirrors VerbViewTestCenter ("get_test_detail") —
// confirm.
type TestCenterActions struct {
	View bool
}

type TestingOpt

// TestingOpt describes one test entry together with usage statistics, the
// workflows attached to it, and a list of verbs.
// NOTE(review): Verbs presumably lists the actions the requesting user may
// perform on this test; if so it is advisory for the UI only and the server
// must still check each action — confirm.
type TestingOpt struct {
	Name        string                  `json:"name"`
	ProductName string                  `json:"product_name"`
	Desc        string                  `json:"desc"`
	UpdateTime  int64                   `json:"update_time"`
	UpdateBy    string                  `json:"update_by"`
	TestCaseNum int                     `json:"test_case_num,omitempty"`
	ExecuteNum  int                     `json:"execute_num,omitempty"`
	PassRate    float64                 `json:"pass_rate,omitempty"`
	AvgDuration float64                 `json:"avg_duration,omitempty"`
	Workflows   []*aslanmodels.Workflow `json:"workflows,omitempty"`
	Verbs       []string                `json:"verbs"`
}

type VMManagementActions

// VMManagementActions holds one boolean flag per VM-management action:
// Create, View, Edit and Delete. It is the type of SystemActions.VMManagement.
// NOTE(review): presumably each flag mirrors the matching Verb*VMManagement
// constant — confirm where the struct is populated.
type VMManagementActions struct {
	Create bool
	View   bool
	Edit   bool
	Delete bool
}

type VersionActions

// VersionActions holds the View, Create and Delete flags for versions. It is
// the type of ProjectActions.Version.
// NOTE(review): no Verb*Version constants are declared in this package; the
// flags may be driven by the delivery verbs (VerbGetDelivery,
// VerbCreateDelivery, VerbDeleteDelivery) — confirm where the struct is
// populated.
type VersionActions struct {
	View   bool
	Create bool
	Delete bool
}

type WorkflowActions

// WorkflowActions holds one boolean flag per workflow action: View, Create,
// Edit, Delete, Execute and Debug. It is the type of ProjectActions.Workflow.
// NOTE(review): presumably each flag mirrors the matching Verb*Workflow
// constant, with Execute and Debug corresponding to VerbRunWorkflow and
// VerbDebugWorkflow — confirm.
type WorkflowActions struct {
	View    bool
	Create  bool
	Edit    bool
	Delete  bool
	Execute bool
	Debug   bool
}
