Documentation ¶
Index ¶
- Constants
- Variables
- func IsEmptyOperator(t OperatorInfo) bool
- func IsSubAccount(t OperatorInfo) bool
- func TestCheckName(password *wrappers.StringValue) error
- func TestCheckPassword(password *wrappers.StringValue) error
- func TestCreateToken(uid, gid string) (string, error)
- func TestDecryptMessage(key []byte, message string) (string, error)
- func TestParseStrategySearchArgs(ctx context.Context, searchFilters map[string]string) map[string]string
- type AuthConfig
- type DefaultAuthChecker
- func (d *DefaultAuthChecker) Cache() *cache.CacheManager
- func (d *DefaultAuthChecker) CheckClientPermission(preCtx *model.AcquireContext) (bool, error)
- func (d *DefaultAuthChecker) CheckConsolePermission(preCtx *model.AcquireContext) (bool, error)
- func (d *DefaultAuthChecker) CheckPermission(authCtx *model.AcquireContext) (bool, error)
- func (d *DefaultAuthChecker) DecodeToken(t string) (OperatorInfo, error)
- func (d *DefaultAuthChecker) Initialize(options *auth.Config, s store.Store, cacheMgn *cache.CacheManager) error
- func (d *DefaultAuthChecker) IsOpenAuth() bool
- func (d *DefaultAuthChecker) IsOpenClientAuth() bool
- func (d *DefaultAuthChecker) IsOpenConsoleAuth() bool
- func (d *DefaultAuthChecker) SetCacheMgr(mgr *cache.CacheManager)
- func (d *DefaultAuthChecker) VerifyCredential(authCtx *model.AcquireContext) error
- type GroupAuthAbility
- func (svr *GroupAuthAbility) CreateGroup(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
- func (svr *GroupAuthAbility) DeleteGroups(ctx context.Context, reqs []*apisecurity.UserGroup) *apiservice.BatchWriteResponse
- func (svr *GroupAuthAbility) GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
- func (svr *GroupAuthAbility) GetGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
- func (svr *GroupAuthAbility) GetGroups(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
- func (svr *GroupAuthAbility) ResetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
- func (svr *GroupAuthAbility) UpdateGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
- func (svr *GroupAuthAbility) UpdateGroups(ctx context.Context, reqs []*apisecurity.ModifyUserGroup) *apiservice.BatchWriteResponse
- type OperatorInfo
- type Server
- func (svr *Server) AfterResourceOperation(afterCtx *model.AcquireContext) error
- func (svr *Server) CreateGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
- func (svr *Server) CreateStrategy(ctx context.Context, req *apisecurity.AuthStrategy) *apiservice.Response
- func (svr *Server) CreateUser(ctx context.Context, req *apisecurity.User) *apiservice.Response
- func (svr *Server) CreateUsers(ctx context.Context, req []*apisecurity.User) *apiservice.BatchWriteResponse
- func (svr *Server) DeleteGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
- func (svr *Server) DeleteGroups(ctx context.Context, reqs []*apisecurity.UserGroup) *apiservice.BatchWriteResponse
- func (svr *Server) DeleteStrategies(ctx context.Context, reqs []*apisecurity.AuthStrategy) *apiservice.BatchWriteResponse
- func (svr *Server) DeleteStrategy(ctx context.Context, req *apisecurity.AuthStrategy) *apiservice.Response
- func (svr *Server) DeleteUser(ctx context.Context, req *apisecurity.User) *apiservice.Response
- func (svr *Server) DeleteUsers(ctx context.Context, reqs []*apisecurity.User) *apiservice.BatchWriteResponse
- func (svr *Server) GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
- func (svr *Server) GetGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
- func (svr *Server) GetGroups(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
- func (svr *Server) GetPrincipalResources(ctx context.Context, query map[string]string) *apiservice.Response
- func (svr *Server) GetStrategies(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
- func (svr *Server) GetStrategy(ctx context.Context, req *apisecurity.AuthStrategy) *apiservice.Response
- func (svr *Server) GetUserToken(ctx context.Context, req *apisecurity.User) *apiservice.Response
- func (svr *Server) GetUsers(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
- func (svr *Server) Login(req *apisecurity.LoginRequest) *apiservice.Response
- func (svr *Server) RecordHistory(entry *model.RecordEntry)
- func (svr *Server) ResetGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
- func (svr *Server) ResetUserToken(ctx context.Context, req *apisecurity.User) *apiservice.Response
- func (svr *Server) UpdateGroup(ctx context.Context, req *apisecurity.ModifyUserGroup) *apiservice.Response
- func (svr *Server) UpdateGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
- func (svr *Server) UpdateGroups(ctx context.Context, groups []*apisecurity.ModifyUserGroup) *apiservice.BatchWriteResponse
- func (svr *Server) UpdateStrategies(ctx context.Context, reqs []*apisecurity.ModifyAuthStrategy) *apiservice.BatchWriteResponse
- func (svr *Server) UpdateStrategy(ctx context.Context, req *apisecurity.ModifyAuthStrategy) *apiservice.Response
- func (svr *Server) UpdateUser(ctx context.Context, req *apisecurity.User) *apiservice.Response
- func (svr *Server) UpdateUserPassword(ctx context.Context, req *apisecurity.ModifyUserPassword) *apiservice.Response
- func (svr *Server) UpdateUserToken(ctx context.Context, req *apisecurity.User) *apiservice.Response
- type StrategyAuthAbility
- func (svr *StrategyAuthAbility) AfterResourceOperation(afterCtx *model.AcquireContext) error
- func (svr *StrategyAuthAbility) CreateStrategy(ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
- func (svr *StrategyAuthAbility) DeleteStrategies(ctx context.Context, reqs []*apisecurity.AuthStrategy) *apiservice.BatchWriteResponse
- func (svr *StrategyAuthAbility) GetAuthChecker() auth.AuthChecker
- func (svr *StrategyAuthAbility) GetPrincipalResources(ctx context.Context, query map[string]string) *apiservice.Response
- func (svr *StrategyAuthAbility) GetStrategies(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
- func (svr *StrategyAuthAbility) GetStrategy(ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
- func (svr *StrategyAuthAbility) Initialize(authOpt *auth.Config, storage store.Store, cacheMgn *cache.CacheManager) error
- func (svr *StrategyAuthAbility) Name() string
- func (svr *StrategyAuthAbility) UpdateStrategies(ctx context.Context, reqs []*apisecurity.ModifyAuthStrategy) *apiservice.BatchWriteResponse
- type StrategyDetail2Api
- type User2Api
- type UserAuthAbility
- func (svr *UserAuthAbility) CreateUsers(ctx context.Context, req []*apisecurity.User) *apiservice.BatchWriteResponse
- func (svr *UserAuthAbility) DeleteUser(ctx context.Context, user *apisecurity.User) *apiservice.Response
- func (svr *UserAuthAbility) DeleteUsers(ctx context.Context, reqs []*apisecurity.User) *apiservice.BatchWriteResponse
- func (svr *UserAuthAbility) GetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
- func (svr *UserAuthAbility) GetUsers(ctx context.Context, filter map[string]string) *apiservice.BatchQueryResponse
- func (svr *UserAuthAbility) Initialize(authOpt *auth.Config, storage store.Store, cacheMgn *cache.CacheManager) error
- func (svr *UserAuthAbility) Login(req *apisecurity.LoginRequest) *apiservice.Response
- func (svr *UserAuthAbility) Name() string
- func (svr *UserAuthAbility) ResetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
- func (svr *UserAuthAbility) UpdateUser(ctx context.Context, user *apisecurity.User) *apiservice.Response
- func (svr *UserAuthAbility) UpdateUserPassword(ctx context.Context, req *apisecurity.ModifyUserPassword) *apiservice.Response
- func (svr *UserAuthAbility) UpdateUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
- type UserGroup2Api
Constants ¶
const (
	// TokenPattern is the layout of a raw token: "<random string>::<uid/xxx | groupid/xxx>".
	// The principal id travels inside the token itself, so a leaked token both
	// identifies its owner and grants that owner's access: treat tokens as bearer
	// secrets (never log them, never echo them in error responses).
	TokenPattern string = "%s::%s"
	// TokenSplit separates the random part of a token from the principal part.
	TokenSplit string = "::"
)
Variables ¶
var (
	// ErrorNotAllowedAccess is returned when an authorization check fails.
	ErrorNotAllowedAccess error = errors.New(api.Code2Info(api.NotAllowedAccess))
	// ErrorInvalidParameter is returned when a request carries invalid parameters.
	ErrorInvalidParameter error = errors.New(api.Code2Info(api.InvalidParameter))
	// ErrorNotPermission is returned when the operator lacks permission for the operation.
	// NOTE(review): these are sentinel errors whose messages overlap in meaning;
	// callers should match them with errors.Is, never by comparing message text.
	ErrorNotPermission = errors.New("no permission")
)
var (
	// MustOwner marks an operation that requires a super account or an owner (main) account.
	MustOwner = true
	// NotOwner marks an operation any account may perform.
	NotOwner = false
	// WriteOp marks a write operation.
	WriteOp = true
	// ReadOp marks a read operation.
	ReadOp = false
)
// NOTE(review): these flags are package-level vars, not consts, so they can be
// reassigned at runtime by any code in the process; declaring them const would
// make the owner/write requirements tamper-proof.
// AuthOption is the auth configuration in effect. It is a mutable package-level
// value initialised from DefaultAuthConfig() (defined elsewhere); presumably
// Initialize replaces it with the loaded configuration — confirm.
var AuthOption = DefaultAuthConfig()
AuthOption is the auth configuration in effect. It is a mutable package-level variable initialised from DefaultAuthConfig(); presumably Initialize replaces it with the loaded configuration — confirm against the implementation.
var (
	// StrategyFilterAttributes is the closed allow-list of query keys accepted when
	// searching auth strategies. Keys outside this set are presumably dropped or
	// rejected by the search-argument parser (TestParseStrategySearchArgs) — confirm
	// in the implementation; keeping the list closed is what stops arbitrary,
	// caller-chosen filter keys from reaching the store layer.
	StrategyFilterAttributes = map[string]bool{
		"id":             true,
		"name":           true,
		"owner":          true,
		"offset":         true,
		"limit":          true,
		"principal_id":   true,
		"principal_type": true,
		"res_id":         true,
		"res_type":       true,
		"default":        true,
		"show_detail":    true,
	}
)
Functions ¶
func TestCheckName ¶ added in v1.17.3
func TestCheckName(password *wrappers.StringValue) error
func TestCheckPassword ¶ added in v1.17.3
func TestCheckPassword(password *wrappers.StringValue) error
func TestCreateToken ¶ added in v1.17.3
func TestDecryptMessage ¶ added in v1.17.3
Types ¶
type AuthConfig ¶
// AuthConfig is the authentication/authorization configuration of the plugin.
type AuthConfig struct {
	// ConsoleOpen enables auth checks on console (management) APIs.
	ConsoleOpen bool `json:"consoleOpen" xml:"consoleOpen"`
	// ClientOpen enables auth checks on client (SDK) APIs.
	ClientOpen bool `json:"clientOpen" xml:"clientOpen"`
	// Salt is the salt used for password and token encryption. It is static,
	// shared key material: whoever holds it can presumably decrypt or forge tokens
	// (see TestCreateToken / TestDecryptMessage), so keep it out of logs, source
	// control and world-readable config. Rotating it presumably invalidates every
	// existing token — confirm before changing it on a live deployment.
	Salt string `json:"salt" xml:"salt"`
	// Strict enables strict mode: even resources with no auth strategy require a
	// valid token to be operated on. Off by default.
	//
	// Deprecated: superseded by ConsoleStrict and ClientStrict.
	Strict bool `json:"strict"`
	// ConsoleStrict enables strict mode for console APIs: even resources with no
	// auth strategy require a valid token. Off by default. When off, a request whose
	// token fails verification may be continued as an anonymous operator for
	// resources that have no strategy (see VerifyCredential, step 3).
	ConsoleStrict bool `json:"consoleStrict"`
	// ClientStrict enables strict mode for client APIs: even resources with no
	// auth strategy require a valid token. Off by default. Same anonymous fallback
	// caveat as ConsoleStrict.
	ClientStrict bool `json:"clientStrict"`
}
AuthConfig 鉴权配置
type DefaultAuthChecker ¶ added in v1.17.3
// DefaultAuthChecker is the authorization checker shipped with Polaris. It carries
// out the token verification and permission-check flow described on
// VerifyCredential and CheckPermission.
type DefaultAuthChecker struct {
	// contains filtered or unexported fields
}
DefaultAuthChecker 北极星自带的默认鉴权中心
func (*DefaultAuthChecker) Cache ¶ added in v1.17.3
func (d *DefaultAuthChecker) Cache() *cache.CacheManager
Cache 获取缓存统一管理
func (*DefaultAuthChecker) CheckClientPermission ¶ added in v1.17.3
func (d *DefaultAuthChecker) CheckClientPermission(preCtx *model.AcquireContext) (bool, error)
CheckClientPermission 执行检查客户端动作判断是否有权限,并且对 RequestContext 注入操作者数据
func (*DefaultAuthChecker) CheckConsolePermission ¶ added in v1.17.3
func (d *DefaultAuthChecker) CheckConsolePermission(preCtx *model.AcquireContext) (bool, error)
CheckConsolePermission 执行检查控制台动作判断是否有权限,并且对 RequestContext 注入操作者数据
func (*DefaultAuthChecker) CheckPermission ¶ added in v1.17.3
func (d *DefaultAuthChecker) CheckPermission(authCtx *model.AcquireContext) (bool, error)
CheckPermission 执行检查动作判断是否有权限
step 1. Check whether auth is enabled. step 2. Check the token. Case 1: the token is disabled — (a) read operations are let through; (b) write operations fail fast. step 3. Load the operator information bound to the token and inject it into the request context. step 4. Run the permission check. Note the consequence of step 2: disabling a token blocks writes but still lets its holder read; it is not a revocation. To invalidate a leaked token, reset it (ResetUserToken / ResetGroupToken presumably issue a new one — confirm).
func (*DefaultAuthChecker) DecodeToken ¶ added in v1.17.3
func (d *DefaultAuthChecker) DecodeToken(t string) (OperatorInfo, error)
DecodeToken parses a raw token string (laid out as TokenPattern) into an OperatorInfo; the returned error is non-nil when the token cannot be decoded.
func (*DefaultAuthChecker) Initialize ¶ added in v1.17.3
func (d *DefaultAuthChecker) Initialize(options *auth.Config, s store.Store, cacheMgn *cache.CacheManager) error
Initialize 执行初始化动作
func (*DefaultAuthChecker) IsOpenAuth ¶ added in v1.17.3
func (d *DefaultAuthChecker) IsOpenAuth() bool
IsOpenAuth 返回对于控制台/客户端任意其中的一个是否开启了操作鉴权
func (*DefaultAuthChecker) IsOpenClientAuth ¶ added in v1.17.3
func (d *DefaultAuthChecker) IsOpenClientAuth() bool
IsOpenClientAuth 针对客户端是否开启了操作鉴权
func (*DefaultAuthChecker) IsOpenConsoleAuth ¶ added in v1.17.3
func (d *DefaultAuthChecker) IsOpenConsoleAuth() bool
IsOpenConsoleAuth 针对控制台是否开启了操作鉴权
func (*DefaultAuthChecker) SetCacheMgr ¶ added in v1.17.3
func (d *DefaultAuthChecker) SetCacheMgr(mgr *cache.CacheManager)
func (*DefaultAuthChecker) VerifyCredential ¶ added in v1.17.3
func (d *DefaultAuthChecker) VerifyCredential(authCtx *model.AcquireContext) error
VerifyCredential checks the token and injects the data parsed during verification into model.AcquireContext. step 1. Decode the token and inject the resulting data into the AcquireContext. step 2. Run the verification steps on the token. step 3. Fallback: when auth runs in non-strict mode, decide from the error type whether to continue the request as an anonymous user.
- Requests against the access-control modules themselves (users, user groups, auth strategies) are never downgraded to anonymous.
Security note: in non-strict mode a missing or invalid token can thus become an anonymous operator; what that operator may then do is decided by the permission check that follows, so non-strict mode widens the surface reachable without credentials.
type GroupAuthAbility ¶ added in v1.17.3
// GroupAuthAbility exposes the user-group operations of Server behind the
// authorization checks of DefaultAuthChecker (both are supplied to
// NewGroupAuthAbility).
type GroupAuthAbility struct {
	// contains filtered or unexported fields
}
func NewGroupAuthAbility ¶ added in v1.17.3
func NewGroupAuthAbility(authMgn *DefaultAuthChecker, target *Server) *GroupAuthAbility
func (*GroupAuthAbility) CreateGroup ¶ added in v1.17.3
func (svr *GroupAuthAbility) CreateGroup(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
CreateGroup creates a group.
func (*GroupAuthAbility) DeleteGroups ¶ added in v1.17.3
func (svr *GroupAuthAbility) DeleteGroups(ctx context.Context, reqs []*apisecurity.UserGroup) *apiservice.BatchWriteResponse
DeleteGroups deletes groups.
func (*GroupAuthAbility) GetGroup ¶ added in v1.17.3
func (svr *GroupAuthAbility) GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
GetGroup 查看用户组
func (*GroupAuthAbility) GetGroupToken ¶ added in v1.17.3
func (svr *GroupAuthAbility) GetGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
GetGroupToken 获取用户组token
func (*GroupAuthAbility) GetGroups ¶ added in v1.17.3
func (svr *GroupAuthAbility) GetGroups(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
GetGroups 查看用户组列表
func (*GroupAuthAbility) ResetGroupToken ¶ added in v1.17.3
func (svr *GroupAuthAbility) ResetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
ResetGroupToken 重置用户组token
func (*GroupAuthAbility) UpdateGroupToken ¶ added in v1.17.3
func (svr *GroupAuthAbility) UpdateGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
UpdateGroupToken 更新用户组token
func (*GroupAuthAbility) UpdateGroups ¶ added in v1.17.3
func (svr *GroupAuthAbility) UpdateGroups(ctx context.Context, reqs []*apisecurity.ModifyUserGroup) *apiservice.BatchWriteResponse
UpdateGroups updates groups.
type OperatorInfo ¶
// OperatorInfo is the extra information decoded from a token.
type OperatorInfo struct {
	// Origin is the raw token string. NOTE(review): this keeps the bearer secret in
	// memory next to the identity; make sure String() and log statements do not
	// print it — confirm.
	Origin string
	// OperatorID is the user or user-group ID the token is bound to.
	OperatorID string
	// OwnerID is the owner of that user / user group.
	OwnerID string
	// Role is only populated when the token is a user token.
	Role model.UserRoleType
	// IsUserToken reports whether the token belongs to a user (as opposed to a group).
	IsUserToken bool
	// Disable reports whether the user token has been disabled. A disabled token
	// still passes read operations (see CheckPermission); it only blocks writes.
	Disable bool
	// Anonymous reports whether the operator is anonymous (see VerifyCredential, step 3).
	Anonymous bool
}
OperatorInfo 根据 token 解析出来的具体额外信息
func (*OperatorInfo) String ¶
func (t *OperatorInfo) String() string
type Server ¶ added in v1.17.3
// Server implements the user, user-group and auth-strategy operations. It is
// built by NewServer from a store, a history plugin, the cache manager and a
// DefaultAuthChecker; the *AuthAbility types wrap it with permission checks.
type Server struct {
	// contains filtered or unexported fields
}
func NewServer ¶ added in v1.17.3
func NewServer(storage store.Store, history plugin.History, cacheMgn *cache.CacheManager, authMgn *DefaultAuthChecker) *Server
func (*Server) AfterResourceOperation ¶ added in v1.17.3
func (svr *Server) AfterResourceOperation(afterCtx *model.AcquireContext) error
AfterResourceOperation runs the post-processing required after a resource is added or deleted. Every sub-account and user group is granted write permission on the resources it creates by default — an implicit grant worth keeping in mind when auditing who is able to write a resource.
func (*Server) CreateGroup ¶ added in v1.17.3
func (svr *Server) CreateGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
CreateGroup create a group
func (*Server) CreateStrategy ¶ added in v1.17.3
func (svr *Server) CreateStrategy(ctx context.Context, req *apisecurity.AuthStrategy) *apiservice.Response
CreateStrategy 创建鉴权策略
func (*Server) CreateUser ¶ added in v1.17.3
func (svr *Server) CreateUser(ctx context.Context, req *apisecurity.User) *apiservice.Response
CreateUser 创建用户
func (*Server) CreateUsers ¶ added in v1.17.3
func (svr *Server) CreateUsers(ctx context.Context, req []*apisecurity.User) *apiservice.BatchWriteResponse
CreateUsers 批量创建用户
func (*Server) DeleteGroup ¶ added in v1.17.3
func (svr *Server) DeleteGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
DeleteGroup 删除用户组
func (*Server) DeleteGroups ¶ added in v1.17.3
func (svr *Server) DeleteGroups(ctx context.Context, reqs []*apisecurity.UserGroup) *apiservice.BatchWriteResponse
DeleteGroups 批量删除用户组
func (*Server) DeleteStrategies ¶ added in v1.17.3
func (svr *Server) DeleteStrategies( ctx context.Context, reqs []*apisecurity.AuthStrategy) *apiservice.BatchWriteResponse
DeleteStrategies 批量删除鉴权策略
func (*Server) DeleteStrategy ¶ added in v1.17.3
func (svr *Server) DeleteStrategy(ctx context.Context, req *apisecurity.AuthStrategy) *apiservice.Response
DeleteStrategy deletes an auth strategy. Case 1. Only the account that owns the strategy may delete it. Case 2. Default strategies cannot be deleted; they are cleaned up only when their account is deleted.
func (*Server) DeleteUser ¶ added in v1.17.3
func (svr *Server) DeleteUser(ctx context.Context, req *apisecurity.User) *apiservice.Response
DeleteUser deletes a user. Case 1. An owner (main) account cannot delete itself. Case 2. An owner account that still has sub-accounts cannot be deleted until those sub-accounts are deleted first. Case 3. In the owner role, only sub-accounts created by that owner may be deleted. Case 4. In the super-account role, any account may be deleted.
func (*Server) DeleteUsers ¶ added in v1.17.3
func (svr *Server) DeleteUsers(ctx context.Context, reqs []*apisecurity.User) *apiservice.BatchWriteResponse
DeleteUsers 批量删除用户
func (*Server) GetGroup ¶ added in v1.17.3
func (svr *Server) GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
GetGroup 查看对应用户组下的用户信息
func (*Server) GetGroupToken ¶ added in v1.17.3
func (svr *Server) GetGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
GetGroupToken 查看用户组的token
func (*Server) GetGroups ¶ added in v1.17.3
func (svr *Server) GetGroups(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
GetGroups 查看用户组
func (*Server) GetPrincipalResources ¶ added in v1.17.3
func (svr *Server) GetPrincipalResources(ctx context.Context, query map[string]string) *apiservice.Response
GetPrincipalResources 获取某个principal可以获取到的所有资源ID数据信息
func (*Server) GetStrategies ¶ added in v1.17.3
func (svr *Server) GetStrategies(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
GetStrategies lists auth strategies. Case 1. When the query is resource-scoped, the automatic per-account-type restriction on visible data is skipped.
e.g. when sub-account A asks for the strategies of resource R, principal_id and principal_type are no longer injected into the query.
Case 2. When the query is principal-scoped and carries no principal_id, principal_id and principal_type are injected according to the account type, which limits what the account can see.
e.g. a. a super account queries with the given query as-is; b. an owner (main) account gets the owner field injected, i.e. it sees only strategies it owns; c. a sub-account gets principal_id and principal_type injected, i.e. it can only query strategies that involve itself. Security note: because case 1 bypasses the restriction, a sub-account can read the full strategy list of any resource it names — confirm that access to the resource itself is checked before the listing is returned.
func (*Server) GetStrategy ¶ added in v1.17.3
func (svr *Server) GetStrategy(ctx context.Context, req *apisecurity.AuthStrategy) *apiservice.Response
GetStrategy returns the detailed auth strategy for a strategy ID. Case 1. The operator is one of the strategy's principals: allowed. Case 2. The operator is the strategy's owner: allowed. Case 3. The operator has the admin role: allowed without further checks.
func (*Server) GetUserToken ¶ added in v1.17.3
func (svr *Server) GetUserToken(ctx context.Context, req *apisecurity.User) *apiservice.Response
GetUserToken 获取用户 token
func (*Server) GetUsers ¶ added in v1.17.3
func (svr *Server) GetUsers(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
GetUsers 查询用户列表
func (*Server) Login ¶ added in v1.17.3
func (svr *Server) Login(req *apisecurity.LoginRequest) *apiservice.Response
Login 登录动作
func (*Server) RecordHistory ¶ added in v1.17.3
func (svr *Server) RecordHistory(entry *model.RecordEntry)
RecordHistory Server对外提供history插件的简单封装
func (*Server) ResetGroupToken ¶ added in v1.17.3
func (svr *Server) ResetGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
ResetGroupToken 刷新用户组的token
func (*Server) ResetUserToken ¶ added in v1.17.3
func (svr *Server) ResetUserToken(ctx context.Context, req *apisecurity.User) *apiservice.Response
ResetUserToken 重置用户 token
func (*Server) UpdateGroup ¶ added in v1.17.3
func (svr *Server) UpdateGroup(ctx context.Context, req *apisecurity.ModifyUserGroup) *apiservice.Response
UpdateGroup 更新用户组
func (*Server) UpdateGroupToken ¶ added in v1.17.3
func (svr *Server) UpdateGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
UpdateGroupToken 调整用户组 token 的使用状态 (禁用|开启)
func (*Server) UpdateGroups ¶ added in v1.17.3
func (svr *Server) UpdateGroups( ctx context.Context, groups []*apisecurity.ModifyUserGroup) *apiservice.BatchWriteResponse
UpdateGroups 批量修改用户组
func (*Server) UpdateStrategies ¶ added in v1.17.3
func (svr *Server) UpdateStrategies( ctx context.Context, reqs []*apisecurity.ModifyAuthStrategy) *apiservice.BatchWriteResponse
UpdateStrategies 批量修改鉴权
func (*Server) UpdateStrategy ¶ added in v1.17.3
func (svr *Server) UpdateStrategy(ctx context.Context, req *apisecurity.ModifyAuthStrategy) *apiservice.Response
UpdateStrategy changes an auth strategy. Case 1. A default strategy may only have its resources changed; users or user groups cannot be added to or removed from it. Case 2. A strategy may only be modified by the user that owns it. Case 3. The default strategy of an owner (main) account cannot be modified.
func (*Server) UpdateUser ¶ added in v1.17.3
func (svr *Server) UpdateUser(ctx context.Context, req *apisecurity.User) *apiservice.Response
UpdateUser updates user information; only the comment and the account password can be modified.
func (*Server) UpdateUserPassword ¶ added in v1.17.3
func (svr *Server) UpdateUserPassword(ctx context.Context, req *apisecurity.ModifyUserPassword) *apiservice.Response
UpdateUserPassword 更新用户密码信息
func (*Server) UpdateUserToken ¶ added in v1.17.3
func (svr *Server) UpdateUserToken(ctx context.Context, req *apisecurity.User) *apiservice.Response
UpdateUserToken 更新用户 token
type StrategyAuthAbility ¶ added in v1.17.3
// StrategyAuthAbility exposes the auth-strategy operations of Server behind the
// authorization checks of DefaultAuthChecker (both are supplied to
// NewStrategyAuthAbility).
type StrategyAuthAbility struct {
	// contains filtered or unexported fields
}
func NewStrategyAuthAbility ¶ added in v1.17.3
func NewStrategyAuthAbility(authMgn *DefaultAuthChecker, target *Server) *StrategyAuthAbility
func (*StrategyAuthAbility) AfterResourceOperation ¶ added in v1.17.3
func (svr *StrategyAuthAbility) AfterResourceOperation(afterCtx *model.AcquireContext) error
AfterResourceOperation is called after resource operation
func (*StrategyAuthAbility) CreateStrategy ¶ added in v1.17.3
func (svr *StrategyAuthAbility) CreateStrategy( ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
CreateStrategy creates a new strategy.
func (*StrategyAuthAbility) DeleteStrategies ¶ added in v1.17.3
func (svr *StrategyAuthAbility) DeleteStrategies(ctx context.Context, reqs []*apisecurity.AuthStrategy) *apiservice.BatchWriteResponse
DeleteStrategies deletes strategies in batch.
func (*StrategyAuthAbility) GetAuthChecker ¶ added in v1.17.3
func (svr *StrategyAuthAbility) GetAuthChecker() auth.AuthChecker
GetAuthChecker 获取鉴权管理器
func (*StrategyAuthAbility) GetPrincipalResources ¶ added in v1.17.3
func (svr *StrategyAuthAbility) GetPrincipalResources(ctx context.Context, query map[string]string) *apiservice.Response
GetPrincipalResources get principal resources.
func (*StrategyAuthAbility) GetStrategies ¶ added in v1.17.3
func (svr *StrategyAuthAbility) GetStrategies(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
GetStrategies get strategy list .
func (*StrategyAuthAbility) GetStrategy ¶ added in v1.17.3
func (svr *StrategyAuthAbility) GetStrategy( ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
GetStrategy get strategy.
func (*StrategyAuthAbility) Initialize ¶ added in v1.17.3
func (svr *StrategyAuthAbility) Initialize(authOpt *auth.Config, storage store.Store, cacheMgn *cache.CacheManager) error
Initialize 执行初始化动作
func (*StrategyAuthAbility) Name ¶ added in v1.17.3
func (svr *StrategyAuthAbility) Name() string
Name returns the name of the strategy auth plugin.
func (*StrategyAuthAbility) UpdateStrategies ¶ added in v1.17.3
func (svr *StrategyAuthAbility) UpdateStrategies(ctx context.Context, reqs []*apisecurity.ModifyAuthStrategy) *apiservice.BatchWriteResponse
UpdateStrategies updates strategies in batch.
type StrategyDetail2Api ¶
// StrategyDetail2Api converts a stored strategy detail into its API representation.
// NOTE(review): the parameter is named user although it is a strategy detail.
type StrategyDetail2Api func(user *model.StrategyDetail) *apisecurity.AuthStrategy
StrategyDetail2Api strategy detail to *apisecurity.AuthStrategy func
type User2Api ¶
// User2Api converts a stored user into its API representation. Implementations
// should take care not to copy sensitive fields (password, token) into the API
// object unless the endpoint is meant to return them — confirm per caller.
type User2Api func(user *model.User) *apisecurity.User
User2Api convert user to api.User
type UserAuthAbility ¶ added in v1.17.3
// UserAuthAbility exposes the user operations of Server behind the authorization
// checks of DefaultAuthChecker (see NewUserAuthAbility). It embeds
// *GroupAuthAbility, so the group operations are reachable through it as well.
type UserAuthAbility struct {
	*GroupAuthAbility
	// contains filtered or unexported fields
}
func NewUserAuthAbility ¶ added in v1.17.3
func NewUserAuthAbility(authMgn *DefaultAuthChecker, target *Server) *UserAuthAbility
func (*UserAuthAbility) CreateUsers ¶ added in v1.17.3
func (svr *UserAuthAbility) CreateUsers(ctx context.Context, req []*apisecurity.User) *apiservice.BatchWriteResponse
CreateUsers 创建用户,只能由超级账户 or 主账户调用
case 1. 超级账户调用:创建的是主账户 case 2. 主账户调用:创建的是子账户
func (*UserAuthAbility) DeleteUser ¶ added in v1.17.3
func (svr *UserAuthAbility) DeleteUser(ctx context.Context, user *apisecurity.User) *apiservice.Response
DeleteUser 删除用户,只能由超级账户 or 主账户操作
func (*UserAuthAbility) DeleteUsers ¶ added in v1.17.3
func (svr *UserAuthAbility) DeleteUsers( ctx context.Context, reqs []*apisecurity.User) *apiservice.BatchWriteResponse
DeleteUsers 批量删除用户,只能由超级账户 or 主账户操作
func (*UserAuthAbility) GetUserToken ¶ added in v1.17.3
func (svr *UserAuthAbility) GetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
GetUserToken returns a user's token; any account may call it. The page does not say whether an account may read a token other than its own — confirm that the implementation restricts this, since the token is a bearer credential for the target user.
func (*UserAuthAbility) GetUsers ¶ added in v1.17.3
func (svr *UserAuthAbility) GetUsers(ctx context.Context, filter map[string]string) *apiservice.BatchQueryResponse
GetUsers 获取用户列表,任意账户均可以操作
func (*UserAuthAbility) Initialize ¶ added in v1.17.3
func (svr *UserAuthAbility) Initialize(authOpt *auth.Config, storage store.Store, cacheMgn *cache.CacheManager) error
Initialize 执行初始化动作
func (*UserAuthAbility) Login ¶ added in v1.17.3
func (svr *UserAuthAbility) Login(req *apisecurity.LoginRequest) *apiservice.Response
Login performs the login action (delegates to Server.Login).
func (*UserAuthAbility) Name ¶ added in v1.17.3
func (svr *UserAuthAbility) Name() string
Name of the user operator plugin
func (*UserAuthAbility) ResetUserToken ¶ added in v1.17.3
func (svr *UserAuthAbility) ResetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
ResetUserToken 重置用户token,允许子账户进行操作
func (*UserAuthAbility) UpdateUser ¶ added in v1.17.3
func (svr *UserAuthAbility) UpdateUser(ctx context.Context, user *apisecurity.User) *apiservice.Response
UpdateUser updates a user; any account may call it. A disabled user token only means the holder cannot perform write operations on Polaris resources; updating the user information is still allowed. Since UpdateUser can change the password (see Server.UpdateUser), disabling a token does not lock the account: an operator whose token is disabled can still change credentials.
func (*UserAuthAbility) UpdateUserPassword ¶ added in v1.17.3
func (svr *UserAuthAbility) UpdateUserPassword( ctx context.Context, req *apisecurity.ModifyUserPassword) *apiservice.Response
UpdateUserPassword changes the user's password.
func (*UserAuthAbility) UpdateUserToken ¶ added in v1.17.3
func (svr *UserAuthAbility) UpdateUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
UpdateUserToken 更新用户的 token 状态,只允许超级、主账户进行操作
type UserGroup2Api ¶
// UserGroup2Api converts a stored user group into its API representation.
// NOTE(review): the parameter is named user although it is a user group.
type UserGroup2Api func(user *model.UserGroup) *apisecurity.UserGroup
UserGroup2Api is the user group to api