auth

package
v1.17.6 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 15, 2023 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 3 more Imports: 10 Imported by: 9

Documentation

Index

Constants

// Names of the default user-management and strategy-management servers.
// NOTE(review): presumably these are the values matched against
// UserConfig.Name and StrategyConfig.Name when a server is selected — confirm.
const (
	// DefaultUserMgnPluginName is the name of the default user server.
	DefaultUserMgnPluginName = "defaultUser"
	// DefaultStrategyMgnPluginName is the name of the default strategy server.
	DefaultStrategyMgnPluginName = "defaultStrategy"
)

Variables

This section is empty.

Functions

func Initialize

func Initialize(ctx context.Context, authOpt *Config, storage store.Store, cacheMgn *cache.CacheManager) error

Initialize 初始化

func RegisterStrategyServer added in v1.17.2

func RegisterStrategyServer(s StrategyServer) error

RegisterStrategyServer 注册一个新的 StrategyServer

func RegisterUserServer added in v1.17.2

func RegisterUserServer(s UserServer) error

RegisterUserServer 注册一个新的 UserServer

func TestInitialize

func TestInitialize(ctx context.Context, authOpt *Config, storage store.Store,
	cacheMgn *cache.CacheManager) (UserServer, StrategyServer, error)

TestInitialize 包裹了初始化函数,在 Initialize 的时候会在自动调用,全局初始化一次

Types

type AuthChecker

// AuthChecker is the common interface for permission management: it verifies
// credentials and decides whether a client or console operation is allowed.
type AuthChecker interface {
	// Initialize performs the checker's initialization.
	Initialize(options *Config, storage store.Store, cacheMgn *cache.CacheManager) error
	// VerifyCredential verifies the token.
	VerifyCredential(preCtx *model.AcquireContext) error
	// CheckClientPermission checks whether a client operation is permitted and
	// injects the operator's data into the RequestContext.
	// NOTE(review): how (false, nil) differs from a non-nil error is not visible
	// here; callers should presumably deny unless the result is (true, nil) — confirm.
	CheckClientPermission(preCtx *model.AcquireContext) (bool, error)
	// CheckConsolePermission checks whether a console operation is permitted and
	// injects the operator's data into the RequestContext.
	// NOTE(review): same open question as CheckClientPermission about the
	// (false, nil) result — confirm the deny-by-default contract.
	CheckConsolePermission(preCtx *model.AcquireContext) (bool, error)
	// IsOpenConsoleAuth reports whether operation (console) authorization is
	// enabled; it can be used by the front end to query the setting.
	IsOpenConsoleAuth() bool
	// IsOpenClientAuth presumably reports whether client authorization is
	// enabled, by analogy with IsOpenConsoleAuth — the original comment gives
	// no description, confirm.
	IsOpenClientAuth() bool
}

AuthChecker 权限管理通用接口定义

type Config

// Config holds the configuration parameters of the authentication capability.
type Config struct {
	// Name is the name of the former AuthServer; the original comment marks it
	// as deprecated.
	Name string
	// Option holds the options of the former AuthServer; the original comment
	// marks it as deprecated.
	// Deprecated
	// NOTE(review): no replacement is named here; presumably the User and
	// Strategy fields supersede Name and Option — confirm.
	Option map[string]interface{}
	// User is the configuration of the UserOperator.
	User *UserConfig `yaml:"user"`
	// Strategy is the configuration of the StrategyOperator.
	Strategy *StrategyConfig `yaml:"strategy"`
}

Config 鉴权能力的相关配置参数

func (*Config) SetDefault added in v1.17.2

func (c *Config) SetDefault()

type GroupOperator

// GroupOperator groups the operations on user groups, including the
// management of each group's token.
type GroupOperator interface {
	// CreateGroup creates a user group.
	CreateGroup(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
	// UpdateGroups updates user groups.
	UpdateGroups(ctx context.Context, groups []*apisecurity.ModifyUserGroup) *apiservice.BatchWriteResponse
	// DeleteGroups deletes user groups in batch.
	DeleteGroups(ctx context.Context, group []*apisecurity.UserGroup) *apiservice.BatchWriteResponse
	// GetGroups queries the list of user groups (without detailed user information).
	GetGroups(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
	// GetGroup queries, from the given user-group information, the details of
	// the users in that group.
	GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
	// GetGroupToken gets the user group's token.
	// NOTE(review): the response presumably carries the token value itself, so
	// it should be kept out of logs — confirm against the implementation.
	GetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
	// UpdateGroupToken disables use of the user group's token.
	UpdateGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
	// ResetGroupToken resets the user group's token.
	ResetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
}

GroupOperator 用户组相关操作

type StrategyConfig added in v1.17.2

// StrategyConfig is the configuration of the StrategyOperator.
type StrategyConfig struct {
	// Name is the name of the StrategyOperator.
	Name string `yaml:"name"`
	// Option holds the StrategyOperator's options as free-form key/value pairs;
	// the accepted keys are not visible here.
	Option map[string]interface{} `yaml:"option"`
}

StrategyConfig StrategyOperator的相关配置

type StrategyServer added in v1.17.2

// StrategyServer groups the operations on authorization strategies and gives
// access to the AuthChecker.
type StrategyServer interface {
	// Initialize initializes the server.
	Initialize(authOpt *Config, storage store.Store, cacheMgn *cache.CacheManager) error
	// Name returns the name of the strategy-management server.
	Name() string
	// CreateStrategy creates a strategy.
	CreateStrategy(ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
	// UpdateStrategies updates strategies in batch.
	UpdateStrategies(ctx context.Context, reqs []*apisecurity.ModifyAuthStrategy) *apiservice.BatchWriteResponse
	// DeleteStrategies deletes strategies.
	DeleteStrategies(ctx context.Context, reqs []*apisecurity.AuthStrategy) *apiservice.BatchWriteResponse
	// GetStrategies gets the resource list (wording of the original comment).
	// support 1. querying by principal-id + principal-role
	// support 2. ordinary authorization-strategy queries
	GetStrategies(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
	// GetStrategy gets the details of a strategy.
	GetStrategy(ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
	// GetPrincipalResources gets the list of all resources a given principal
	// is allowed to operate on.
	GetPrincipalResources(ctx context.Context, query map[string]string) *apiservice.Response
	// GetAuthChecker returns the authorization checker.
	GetAuthChecker() AuthChecker
	// AfterResourceOperation runs the post-processing logic after a resource
	// has been operated on.
	AfterResourceOperation(afterCtx *model.AcquireContext) error
}

StrategyServer 策略相关操作

func GetStrategyServer added in v1.17.2

func GetStrategyServer() (StrategyServer, error)

GetStrategyServer 获取一个 StrategyServer

type UserConfig added in v1.17.2

// UserConfig is the configuration of the UserOperator.
type UserConfig struct {
	// Name is the name of the UserOperator.
	Name string `yaml:"name"`
	// Option holds the UserOperator's options as free-form key/value pairs;
	// the accepted keys are not visible here.
	// NOTE(review): if any option carries secret material, avoid logging this
	// struct verbatim — confirm against the implementation.
	Option map[string]interface{} `yaml:"option"`
}

UserConfig UserOperator的相关配置

type UserServer added in v1.17.2

// UserServer is the user-data management server: user lifecycle, password and
// token operations, login, plus the embedded GroupOperator for user groups.
type UserServer interface {
	// Initialize initializes the server.
	Initialize(authOpt *Config, storage store.Store, cacheMgn *cache.CacheManager) error
	// Name returns the name of the user-data management server.
	Name() string
	// CreateUsers creates users in batch.
	CreateUsers(ctx context.Context, users []*apisecurity.User) *apiservice.BatchWriteResponse
	// UpdateUser updates a user's information.
	UpdateUser(ctx context.Context, user *apisecurity.User) *apiservice.Response
	// UpdateUserPassword updates a user's password.
	// NOTE(review): whether the old password is verified first is not visible
	// in this interface — confirm in the implementation.
	UpdateUserPassword(ctx context.Context, req *apisecurity.ModifyUserPassword) *apiservice.Response
	// DeleteUsers deletes users in batch.
	DeleteUsers(ctx context.Context, users []*apisecurity.User) *apiservice.BatchWriteResponse
	// GetUsers queries the list of users.
	GetUsers(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
	// GetUserToken gets the user's token.
	// NOTE(review): the response presumably carries the token value itself, so
	// it should be kept out of logs — confirm against the implementation.
	GetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
	// UpdateUserToken disables use of the user's token.
	UpdateUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
	// ResetUserToken resets the user's token.
	ResetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
	// Login performs the login action. Unlike the other request methods of this
	// interface it takes no context.Context.
	Login(req *apisecurity.LoginRequest) *apiservice.Response
	// GroupOperator embeds the user-group operations.
	GroupOperator
}

UserServer 用户数据管理 server

func GetUserServer added in v1.17.2

func GetUserServer() (UserServer, error)

GetUserServer 获取一个 UserServer

Directories

Path Synopsis
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
