mcclient

package
v0.3.10-0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2022 License: Apache-2.0, Apache-2.0 Imports: 27 Imported by: 264

README

Yunion OneCloud API go library

Login to first controlplane node of your cluster and execute ocadm cluster rcadmin to get auth info.

For example:

$ ocadm cluster rcadmin
export OS_AUTH_URL=https://10.127.100.2:30500/v3
export OS_USERNAME=sysadmin
export OS_PASSWORD=7AQMP9H2umQvbxxx
export OS_PROJECT_DOMAIN=default
export OS_PROJECT_NAME=system
export YUNION_INSECURE=true
export OS_REGION_NAME=region0
export OS_ENDPOINT_TYPE=publicURL

Sample code

package main

import (
	"context"
	"fmt"

	"yunion.io/x/jsonutils"

	"yunion.io/x/onecloud/pkg/mcclient"
	modules "yunion.io/x/onecloud/pkg/mcclient/modules/compute"
)

func main() {
	client := mcclient.NewClient("https://10.127.100.2:30500/v3",
		60,
		true,
		true,
		"",
		"")
	token, err := client.Authenticate("sysadmin", "7AQMP9H2umQvbxxx", "Default", "system", "Default")
	if err != nil {
		panic(err)
	}
	s := client.NewSession(context.Background(),
		"region0",
		"",
		"publicURL",
		token,
		"")

	result, err := modules.Servers.List(s, nil)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s", jsonutils.Marshal(result).PrettyString())
}

Documentation

Index

Constants

View Source
const (
	AuthSourceWeb      = "web"
	AuthSourceAPI      = "api"
	AuthSourceCli      = "cli"
	AuthSourceSrv      = "srv"
	AuthSourceOperator = "operator"
)
View Source
const (
	TASK_ID         = "X-Task-Id"
	TASK_NOTIFY_URL = "X-Task-Notify-Url"
	AUTH_TOKEN      = api.AUTH_TOKEN_HEADER //  "X-Auth-Token"
	REGION_VERSION  = "X-Region-Version"

	DEFAULT_API_VERSION = "v1"
	V2_API_VERSION      = "v2"
)
View Source
const REGION_ZONE_SEP = '-'

Variables

View Source
var TokenCredentialType reflect.Type

Functions

func GetTokenHeaders

func GetTokenHeaders(userCred TokenCredential) http.Header

func Id2RegionZone

func Id2RegionZone(id string) (string, string)

func OwnerIdString

func OwnerIdString(owner IIdentityProvider, scope rbacutils.TRbacScope) string

func RegionID

func RegionID(region, zone string) string

func SplitVersionedURL

func SplitVersionedURL(url string) (string, string)

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(authUrl string, timeout int, debug bool, insecure bool, certFile, keyFile string) *Client

func (*Client) AuthVersion

func (this *Client) AuthVersion() string

func (*Client) Authenticate

func (this *Client) Authenticate(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)

func (*Client) AuthenticateApi

func (this *Client) AuthenticateApi(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)

func (*Client) AuthenticateByAccessKey

func (this *Client) AuthenticateByAccessKey(accessKey string, secret string, source string) (TokenCredential, error)

func (*Client) AuthenticateCAS

func (this *Client) AuthenticateCAS(idpId string, ticket, redurectUri string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateOAuth2

func (this *Client) AuthenticateOAuth2(idpId, code string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateOIDC

func (this *Client) AuthenticateOIDC(idpId, code, redirectUri string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateOperator

func (this *Client) AuthenticateOperator(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)

func (*Client) AuthenticateSAML

func (this *Client) AuthenticateSAML(idpId string, response string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateToken

func (this *Client) AuthenticateToken(token string, projName, projDomain string, source string) (TokenCredential, error)

func (*Client) AuthenticateVerify

func (this *Client) AuthenticateVerify(uid, contactType, verifyCode string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateWeb

func (this *Client) AuthenticateWeb(uname, passwd, domainName, tenantName, tenantDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateWithSource

func (this *Client) AuthenticateWithSource(uname, passwd, domainName, tenantName, tenantDomain string, source string) (TokenCredential, error)

func (*Client) FetchMatchPolicies

func (client *Client) FetchMatchPolicies(ctx context.Context, token TokenCredential) (*SFetchMatchPoliciesOutput, error)

func (*Client) GetClient

func (this *Client) GetClient() *http.Client

func (*Client) GetCommonEtcdEndpoint

func (this *Client) GetCommonEtcdEndpoint(token TokenCredential, region, interfaceType string) (*api.EndpointDetails, error)

func (*Client) GetCommonEtcdTLSConfig

func (this *Client) GetCommonEtcdTLSConfig(endpoint *api.EndpointDetails) (*tls.Config, error)

func (*Client) GetDebug

func (this *Client) GetDebug() bool

func (*Client) GetServiceCatalog

func (this *Client) GetServiceCatalog() IServiceCatalog

func (*Client) HttpClient

func (this *Client) HttpClient() *http.Client

func (*Client) NewAuthTokenCredential

func (this *Client) NewAuthTokenCredential() TokenCredential

func (*Client) NewSession

func (this *Client) NewSession(ctx context.Context, region, zone, endpointType string, token TokenCredential) *ClientSession

func (*Client) RegisterCatalogListener

func (cli *Client) RegisterCatalogListener(l IServiceCatalogChangeListener)

func (*Client) SetDebug

func (this *Client) SetDebug(debug bool)

func (*Client) SetHttpTransportProxyFunc

func (this *Client) SetHttpTransportProxyFunc(proxyFunc httputils.TransportProxyFunc)

func (*Client) SetProject

func (this *Client) SetProject(tenantId, tenantName, tenantDomain string, token TokenCredential) (TokenCredential, error)

func (*Client) SetServiceCatalog

func (cli *Client) SetServiceCatalog(catalog IServiceCatalog)

func (*Client) SetTenant

func (this *Client) SetTenant(tenantId, tenantName, tenantDomain string, token TokenCredential) (TokenCredential, error)

func (*Client) SetTransport

func (this *Client) SetTransport(ts http.RoundTripper)

func (*Client) Verify

func (this *Client) Verify(adminToken, token string) (cred TokenCredential, err error)

func (*Client) VerifyRequest

func (this *Client) VerifyRequest(req http.Request, aksk s3auth.IAccessKeySecretRequest, virtualHost bool) (*SAkskTokenCredential, error)

type ClientSession

type ClientSession struct {
	Header http.Header /// headers for this session
	// contains filtered or unexported fields
}

func (*ClientSession) GetClient

func (this *ClientSession) GetClient() *Client

func (*ClientSession) GetCommonEtcdEndpoint

func (cs *ClientSession) GetCommonEtcdEndpoint() (*api.EndpointDetails, error)

func (*ClientSession) GetContext

func (cs *ClientSession) GetContext() context.Context

func (*ClientSession) GetDomainId

func (this *ClientSession) GetDomainId() string

func (*ClientSession) GetDomainName

func (this *ClientSession) GetDomainName() string

func (*ClientSession) GetEndpointType

func (this *ClientSession) GetEndpointType() string

func (*ClientSession) GetProjectDomain

func (this *ClientSession) GetProjectDomain() string

func (*ClientSession) GetProjectDomainId

func (this *ClientSession) GetProjectDomainId() string

func (*ClientSession) GetProjectId

func (this *ClientSession) GetProjectId() string

func (*ClientSession) GetProjectName

func (this *ClientSession) GetProjectName() string

func (*ClientSession) GetRegion

func (this *ClientSession) GetRegion() string

func (*ClientSession) GetServiceCatalog

func (this *ClientSession) GetServiceCatalog() IServiceCatalog

func (*ClientSession) GetServiceURL

func (this *ClientSession) GetServiceURL(service, endpointType, apiVersion string) (string, error)

func (*ClientSession) GetServiceURLs

func (this *ClientSession) GetServiceURLs(service, endpointType, apiVersion string) ([]string, error)

func (*ClientSession) GetServiceVersionURL

func (this *ClientSession) GetServiceVersionURL(service, endpointType, apiVersion string) (string, error)

func (*ClientSession) GetServiceVersionURLs

func (this *ClientSession) GetServiceVersionURLs(service, endpointType, apiVersion string) ([]string, error)

func (*ClientSession) GetTenantId

func (this *ClientSession) GetTenantId() string

func (*ClientSession) GetTenantName

func (this *ClientSession) GetTenantName() string

func (*ClientSession) GetToken

func (cs *ClientSession) GetToken() TokenCredential

func (*ClientSession) GetUserId

func (this *ClientSession) GetUserId() string

func (*ClientSession) HasSystemAdminPrivilege

func (this *ClientSession) HasSystemAdminPrivilege() bool

func (*ClientSession) JSONRequest

func (this *ClientSession) JSONRequest(service, endpointType string, method httputils.THttpMethod, url string, headers http.Header, body jsonutils.JSONObject) (http.Header, jsonutils.JSONObject, error)

func (*ClientSession) JSONVersionRequest

func (this *ClientSession) JSONVersionRequest(
	service, endpointType string, method httputils.THttpMethod, url string,
	headers http.Header, body jsonutils.JSONObject,
	apiVersion string,
) (http.Header, jsonutils.JSONObject, error)

func (*ClientSession) ParseJSONResponse

func (this *ClientSession) ParseJSONResponse(reqBody string, resp *http.Response, err error) (http.Header, jsonutils.JSONObject, error)

func (*ClientSession) PrepareTask

func (this *ClientSession) PrepareTask()

func (*ClientSession) RawBaseUrlRequest

func (this *ClientSession) RawBaseUrlRequest(
	service, endpointType string,
	method httputils.THttpMethod, url string,
	headers http.Header, body io.Reader,
	apiVersion string,
	baseurlFactory func(string) string,
) (*http.Response, error)

func (*ClientSession) RawRequest

func (this *ClientSession) RawRequest(service, endpointType string, method httputils.THttpMethod, url string, headers http.Header, body io.Reader) (*http.Response, error)

func (*ClientSession) RawVersionRequest

func (this *ClientSession) RawVersionRequest(
	service, endpointType string, method httputils.THttpMethod, url string,
	headers http.Header, body io.Reader,
	apiVersion string,
) (*http.Response, error)

func (*ClientSession) RemoveTaskNotifyUrl

func (this *ClientSession) RemoveTaskNotifyUrl()

func (*ClientSession) SetServiceUrl

func (this *ClientSession) SetServiceUrl(service, url string)

func (*ClientSession) SetTaskNotifyUrl

func (this *ClientSession) SetTaskNotifyUrl(url string)

func (*ClientSession) SetZone

func (this *ClientSession) SetZone(zone string)

func (*ClientSession) ToJson

func (this *ClientSession) ToJson() jsonutils.JSONObject

func (*ClientSession) WaitTaskNotify

func (this *ClientSession) WaitTaskNotify()

type Endpoint

type Endpoint struct {
	Id          string
	RegionId    string
	ServiceId   string
	ServiceName string
	Url         string
	Interface   string
}

type ExternalService

type ExternalService struct {
	Name string
	Url  string

	Service string
}

type IIdentityProvider

type IIdentityProvider interface {
	GetProjectId() string
	GetUserId() string
	GetTenantId() string
	GetProjectDomainId() string

	GetTenantName() string
	GetProjectName() string
	GetProjectDomain() string

	GetUserName() string
	GetDomainId() string
	GetDomainName() string
}

type IServiceCatalog

type IServiceCatalog interface {
	Len() int
	GetServiceURL(service, region, zone, endpointType string) (string, error)
	GetServiceURLs(service, region, zone, endpointType string) ([]string, error)
	GetInternalServices(region string) []string
	GetExternalServices(region string) []ExternalService
	GetServicesByInterface(region string, infType string) []ExternalService
}

type IServiceCatalogChangeListener

type IServiceCatalogChangeListener interface {
	OnServiceCatalogChange(catalog IServiceCatalog)
}

type KeystoneDomainV3

type KeystoneDomainV3 api.SIdentityObject

type KeystoneEndpointV2

type KeystoneEndpointV2 struct {
	// 接口ID
	Id string `json:"id"`
	// 内部URL
	InternalURL string `json:"internal_url"`
	// 外部URL
	PublicURL string `json:"public_url"`
	// 管理URL
	AdminURL string `json:"admin_url"`
	// 区域ID
	Region string `json:"region"`
}

type KeystoneEndpointV3

type KeystoneEndpointV3 struct {
	// endpoint ID
	// example: 75f4e36100184a5a8a3e36cb0f12aa87
	Id string `json:"id"`
	// endpoint接口类型,目前定义了一下集中类型
	//
	// | interface | 说明                                                   |
	// |-----------|--------------------------------------------------------|
	// | internal  | 内部接口,访问服务时默认用inernal类型的接口            |
	// | public    | 外部接口                                               |
	// | admin     | 管理类型接口,deprecated                               |
	// | console   | web控制台接口,指定显示在web控制台的外部服务的接口地址 |
	//
	Interface string `json:"interface"`
	// 区域名称
	Region string `json:"region"`
	// 区域ID
	RegionId string `json:"region_id"`
	// 接口URL
	Url string `json:"url"`
	// 接口名称
	Name string `json:"name"`
}

type KeystoneMetadataV2

type KeystoneMetadataV2 struct {
	// 是否为管理员
	IsAdmin int `json:"is_admin"`
	// 角色
	Roles []string `json:"roles"`
}

type KeystonePolicy

type KeystonePolicy struct {
	// 项目范围的权限
	Project []string
	// 域范围的权限
	Domain []string
	// 系统范围的权限
	System []string
}

type KeystoneProjectV3

type KeystoneProjectV3 struct {
	// 项目ID
	Id string
	// 项目名称
	Name string
	// 项目归属域
	Domain KeystoneDomainV3
}

type KeystoneRoleV2

type KeystoneRoleV2 struct {
	// 角色名称
	Name string `json:"name"`
	// 角色ID
	Id string `json:"id"`
}

type KeystoneRoleV3

type KeystoneRoleV3 api.SIdentityObject

type KeystoneServiceCatalogV2

type KeystoneServiceCatalogV2 []KeystoneServiceV2

func (KeystoneServiceCatalogV2) GetExternalServices

func (catalog KeystoneServiceCatalogV2) GetExternalServices(region string) []ExternalService

func (KeystoneServiceCatalogV2) GetInternalServices

func (catalog KeystoneServiceCatalogV2) GetInternalServices(region string) []string

func (KeystoneServiceCatalogV2) GetServiceURL

func (catalog KeystoneServiceCatalogV2) GetServiceURL(service, region, zone, endpointType string) (string, error)

func (KeystoneServiceCatalogV2) GetServiceURLs

func (catalog KeystoneServiceCatalogV2) GetServiceURLs(service, region, zone, endpointType string) ([]string, error)

func (KeystoneServiceCatalogV2) GetServicesByInterface

func (catalog KeystoneServiceCatalogV2) GetServicesByInterface(region string, infType string) []ExternalService

func (KeystoneServiceCatalogV2) Len

func (catalog KeystoneServiceCatalogV2) Len() int

type KeystoneServiceCatalogV3

type KeystoneServiceCatalogV3 []KeystoneServiceV3

func (KeystoneServiceCatalogV3) GetExternalServices

func (catalog KeystoneServiceCatalogV3) GetExternalServices(region string) []ExternalService

func (KeystoneServiceCatalogV3) GetInternalServices

func (catalog KeystoneServiceCatalogV3) GetInternalServices(region string) []string

func (KeystoneServiceCatalogV3) GetServiceURL

func (catalog KeystoneServiceCatalogV3) GetServiceURL(service, region, zone, endpointType string) (string, error)

func (KeystoneServiceCatalogV3) GetServiceURLs

func (catalog KeystoneServiceCatalogV3) GetServiceURLs(service, region, zone, endpointType string) ([]string, error)

func (KeystoneServiceCatalogV3) GetServicesByInterface

func (catalog KeystoneServiceCatalogV3) GetServicesByInterface(region string, infType string) []ExternalService

func (KeystoneServiceCatalogV3) Len

func (catalog KeystoneServiceCatalogV3) Len() int

type KeystoneServiceV2

type KeystoneServiceV2 struct {
	// 服务名称
	Name string `json:"name"`
	// 服务类型
	Type string `json:"type"`
	// 服务接口地址列表
	Endpoints []KeystoneEndpointV2 `json:"endpoints"`
}

type KeystoneServiceV3

type KeystoneServiceV3 struct {
	// service ID
	Id string `json:"id,omitempty"`
	// service Name
	Name string `json:"name,omitempty"`
	// service Type,例如identity, compute等
	Type string `json:"type,omitempty"`
	// service的访问endpoints
	Endpoints []KeystoneEndpointV3 `json:"endpoints,omitempty"`
}

type KeystoneTenantV2

type KeystoneTenantV2 struct {
	// 项目ID
	Id string `json:"id"`
	// 项目名称
	Name string `json:"name"`
	// 是否启用
	Enabled bool `json:"enabled"`
	// 描述
	Description string `json:"description"`
	// 项目归属域信息
	Domain struct {
		// 域ID
		Id string `json:"id"`
		// 域名称
		Name string `json:"name"`
	} `json:"domain"`
}

type KeystoneTokenV2

type KeystoneTokenV2 struct {
	// token
	Id string `json:"id"`
	// 过期时间(UTC)
	Expires time.Time `json:"expires"`
	// token有效的项目信息
	Tenant KeystoneTenantV2 `json:"tenant"`
}

type KeystoneTokenV3

type KeystoneTokenV3 struct {
	// AutdiIds, 没有什么用
	// swagger:ignore
	AuditIds []string `json:"audit_ids"`
	// token过期时间
	ExpiresAt time.Time `json:"expires_at"`
	// 是否为域的token
	IsDomain bool `json:"is_domain,allowfalse"`
	// token颁发时间
	IssuedAt time.Time `json:"issued_at"`
	// 获取token的认证方式
	Methods []string `json:"methods"`
	// token的关联项目,如果用户认证时scope为项目,则为改指定项目的信息
	Project KeystoneProjectV3 `json:"project"`
	// token的关联用户在关联项目的权限信息,只有项目scope的token才有这个属性
	Policies KeystonePolicy `json:"policies"`
	// token的关联用户在关联项目的角色列表,只有项目scope的token才有这个属性
	Roles []KeystoneRoleV3 `json:"roles"`
	// token的关联用户信息
	User KeystoneUserV3 `json:"user"`
	// 服务目录
	Catalog KeystoneServiceCatalogV3 `json:"catalog"`
	// 认证上下文
	Context SAuthContext `json:"context"`

	// 当用户认证时未指定scope时,会返回该用户所有的项目
	Projects []KeystoneProjectV3 `json:"projects"`
	// 返回用户在所有项目的所有角色信息
	RoleAssignments []api.SRoleAssignment `json:"role_assignments"`

	// 如果时AK/SK认证,返回用户的AccessKey/Secret信息,用于客户端后续的AK/SK认证,避免频繁访问keystone进行AK/SK认证
	AccessKey api.SAccessKeySecretInfo `json:"access_key"`
}

type KeystoneUserV2

type KeystoneUserV2 struct {
	// 用户ID
	Id string `json:"id"`
	// 用户名
	Name string `json:"name"`
	// 用户username
	Username string `json:"username"`
	// 用户角色列表
	Roles []KeystoneRoleV2 `json:"roles"`
}

type KeystoneUserV3

type KeystoneUserV3 struct {
	// 用户ID
	Id string
	// 用户名称
	Name string
	// 用户归属域
	Domain KeystoneDomainV3
	// 用户密码过期时间
	PasswordExpiresAt time.Time

	// 用户的显式名称,通常为中文名
	Displayname string
	// 用户Email
	Email string
	// 用户手机号
	Mobile string
}

type SAkskTokenCredential

type SAkskTokenCredential struct {
	AccessKeySecret api.SAccessKeySecretInfo
	Token           TokenCredential
}

type SAuthContext

type SAuthContext struct {
	// 认证来源类型, 可能的值有:
	//
	// | source   | 说明                      |
	// |----------|---------------------------|
	// | web      | 通过web控制台认证         |
	// | api      | api调用认证               |
	// | cli      | climc客户端认证           |
	// | srv      | 作为服务认证              |
	// | operator | 作为onecloud-operator认证 |
	//
	Source string `json:"source,omitempty"`
	// 认证来源IP
	Ip string `json:"ip,omitempty"`
}

type SAuthenticationIdentity

type SAuthenticationIdentity struct {
	// ID of identity provider, optional
	// required:false
	Id string `json:"id,omitempty"`
	// 认证方式列表,支持认证方式如下:
	//
	// | method   | 说明                                                                |
	// |----------|--------------------------------------------------------------------|
	// | password | 用户名密码认证                                                       |
	// | token    | token认证,已经通过其他方式获得token之后,可以用旧的token认证获得新的token   |
	// | aksk     | Access Key/Secret key认证                                           |
	// | cas      | 通过SSO统一认证平台CAS认证                                             |
	// | saml     | 作为SAML 2.0 SP通过IDP认证                                            |
	// | oidc     | 作为OpenID Connect/OAuth2 Client认证                                 |
	// | oauth2   | OAuth2认证                                                          |
	// | verify   | 手机短信或邮箱认证                                                     |
	//
	Methods []string `json:"methods,omitempty"`
	// 当认证方式为password时,通过该字段提供密码认证信息
	Password struct {
		User struct {
			// 用户ID
			Id string `json:"id,omitempty"`
			// 用户名称
			Name string `json:"name,omitempty"`
			// 密码
			Password string `json:"password,omitempty"`
			// 用户所属域的信息
			Domain struct {
				// 域ID
				Id string `json:"id,omitempty"`
				// 域名称
				Name string `json:"name,omitempty"`
			}
		} `json:"user,omitempty"`
	} `json:"password,omitempty"`
	// 当认证方式为token时,通过该字段提供token认证信息
	Token struct {
		// token
		Id string `json:"id,omitempty"`
	} `json:"token,omitempty"`
	// 当认证方式为aksk时,通过该字段提供客户端AK/SK信息
	// 为了兼容不同版本的AK/SK认证方式,使用编码后的字符串传递该信息
	AccessKeyRequest string `json:"access_key_secret,omitempty"`
	// 当认证方式为cas时,通过该字段提供CAS认证的ID
	// required:false
	CASTicket struct {
		Id      string `json:"id,omitempty"`
		Service string `json:"service,omitempty"`
	} `json:"cas_ticket,omitempty"`
	// 当认证方式为saml时,通过该字段提供SAML认证的Response信息
	SAMLAuth struct {
		Response string `json:"response,omitempty"`
	} `json:"saml_auth,omitempty"`
	OIDCAuth struct {
		Code        string `json:"code,omitempty"`
		RedirectUri string `json:"redirect_uri,omitempty"`
	} `json:"oidc_auth,omitempty"`
	OAuth2 struct {
		Code string `json:"code,omitempty"`
	} `json:"oauth2,omitempty"`
	Verify struct {
		Uid         string `json:"uid,omitempty"`
		VerifyCode  string `json:"verify_code,omitempty"`
		ContactType string `json:"contact_type,omitempty"`
	} `json:"mobile,omitempty"`
}

type SAuthenticationInputV2

type SAuthenticationInputV2 struct {
	// keystone v2 认证接口认证信息
	// required:true
	Auth struct {
		// 如果使用用户名/密码认证,则需要设置passwordCredentials
		PasswordCredentials struct {
			// 用户名
			Username string `json:"username,omitempty"`
			// 用户密码
			Password string `json:"password,omitempty"`
		} `json:"passwordCredentials,omitempty"`
		// 指定认证用户的所属项目名称,该字段和tenantId二选一,或者不设置。
		// 如果不提供tenantName和tenantId,则用户认证成功后,获得一个unscoped token
		// 此时,如果用户需要访问具体项目的资源,还是需要用unscoped token进行认证,获得指定项目的token
		// required:false
		TenantName string `json:"tenantName,omitempty"`
		// 指定认证用户的所属项目ID,该字段和tenantName二选一,或者不设置。
		// required:false
		TenantId string `json:"tenantId,omitempty"`
		// 如果使用token认证,则需要设置token.Id
		Token struct {
			// token的字符串
			Id string `json:"id,omitempty"`
		} `json:"token,omitempty"`
		// 认证上下文
		// required:false
		Context SAuthContext `json:"context,omitempty"`
	} `json:"auth,omitempty"`
}

type SAuthenticationInputV3

type SAuthenticationInputV3 struct {
	// keystone v3 认证接口认证信息
	// required:true
	Auth struct {
		// 认证信息
		// required:true
		Identity SAuthenticationIdentity `json:"identity,omitempty"`
		// 指定认证范围, 该字段可选。如果未指定scope,则用户认证成功后获得一个unscoped token,
		// 当用户需要访问指定项目的资源时,需要通过该unscope token进行认证,获得该项目scope的token
		// 目前只支持Project scope的token
		// required:false
		Scope struct {
			// 指定token的scope为指定的项目
			// required:false
			Project struct {
				// 指定项目的ID,由于ID全局唯一,因此指定ID后不需要指定项目所在的域(Domain),ID和Name只需要指定其中一个
				// required:false
				Id string `json:"id,omitempty"`
				// 指定项目的Name,指定Name时,需要指定项目所在的域(domain)
				// required:false
				Name string `json:"name,omitempty"`
				// 指定项目所在的域(domain)
				// required:false
				Domain struct {
					// 指定项目所在域的ID,ID和Name只需要指定其中一个
					// required:false
					Id string `json:"id,omitempty"`
					// 指定项目所在域的Name
					// required:false
					Name string `json:"name,omitempty"`
				} `json:"domain,omitempty"`
			} `json:"project,omitempty"`
			// 指定token的scope为指定的域
			// required:false
			Domain struct {
				// 指定domain的ID,ID和Name只需要指定其中一个
				// required:false
				Id string `json:"id,omitempty"`
				// 指定Domain的Name
				// required:false
				Name string `json:"name,omitempty"`
			} `json:"domain,omitempty"`
		} `json:"scope,omitempty"`
		// 认证上下文
		// required:false
		Context SAuthContext `json:"context,omitempty"`
	} `json:"auth,omitempty"`
}

type SFetchMatchPoliciesOutput

type SFetchMatchPoliciesOutput struct {
	Names    map[rbacutils.TRbacScope][]string `json:"names"`
	Policies rbacutils.TPolicyGroup            `json:"policies"`
}

func (*SFetchMatchPoliciesOutput) Decode

func (SFetchMatchPoliciesOutput) Encode

type SSimpleToken

type SSimpleToken struct {
	Token     string
	Domain    string
	DomainId  string
	User      string
	UserId    string
	Project   string `json:"tenant"`
	ProjectId string `json:"tenant_id"`

	ProjectDomain   string
	ProjectDomainId string

	Roles   string
	RoleIds string
	Expires time.Time

	Context SAuthContext
}

func (*SSimpleToken) GetCatalogData

func (self *SSimpleToken) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject

func (*SSimpleToken) GetDomainId

func (self *SSimpleToken) GetDomainId() string

func (*SSimpleToken) GetDomainName

func (self *SSimpleToken) GetDomainName() string

func (*SSimpleToken) GetEndpoints

func (this *SSimpleToken) GetEndpoints(region string, endpointType string) []Endpoint

func (*SSimpleToken) GetExpires

func (self *SSimpleToken) GetExpires() time.Time

func (*SSimpleToken) GetExternalServices

func (self *SSimpleToken) GetExternalServices(region string) []ExternalService

func (*SSimpleToken) GetInternalServices

func (self *SSimpleToken) GetInternalServices(region string) []string

func (*SSimpleToken) GetLoginIp

func (this *SSimpleToken) GetLoginIp() string

func (*SSimpleToken) GetLoginSource

func (this *SSimpleToken) GetLoginSource() string

func (*SSimpleToken) GetProjectDomain

func (self *SSimpleToken) GetProjectDomain() string

func (*SSimpleToken) GetProjectDomainId

func (self *SSimpleToken) GetProjectDomainId() string

func (*SSimpleToken) GetProjectId

func (self *SSimpleToken) GetProjectId() string

func (*SSimpleToken) GetProjectName

func (self *SSimpleToken) GetProjectName() string

func (*SSimpleToken) GetRegions

func (self *SSimpleToken) GetRegions() []string

func (*SSimpleToken) GetRoleIds

func (self *SSimpleToken) GetRoleIds() []string

func (*SSimpleToken) GetRoles

func (self *SSimpleToken) GetRoles() []string

func (*SSimpleToken) GetServiceCatalog

func (this *SSimpleToken) GetServiceCatalog() IServiceCatalog

func (*SSimpleToken) GetServiceURL

func (self *SSimpleToken) GetServiceURL(service, region, zone, endpointType string) (string, error)

func (*SSimpleToken) GetServiceURLs

func (self *SSimpleToken) GetServiceURLs(service, region, zone, endpointType string) ([]string, error)

func (*SSimpleToken) GetServicesByInterface

func (this *SSimpleToken) GetServicesByInterface(region string, infType string) []ExternalService

func (*SSimpleToken) GetTenantId

func (self *SSimpleToken) GetTenantId() string

func (*SSimpleToken) GetTenantName

func (self *SSimpleToken) GetTenantName() string

func (*SSimpleToken) GetTokenString

func (self *SSimpleToken) GetTokenString() string

func (*SSimpleToken) GetUserId

func (self *SSimpleToken) GetUserId() string

func (*SSimpleToken) GetUserName

func (self *SSimpleToken) GetUserName() string

func (*SSimpleToken) HasSystemAdminPrivilege

func (self *SSimpleToken) HasSystemAdminPrivilege() bool

func (*SSimpleToken) IsAdmin

func (self *SSimpleToken) IsAdmin() bool

func (*SSimpleToken) IsAllow

func (this *SSimpleToken) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

func (*SSimpleToken) IsValid

func (self *SSimpleToken) IsValid() bool

func (*SSimpleToken) IsZero

func (self *SSimpleToken) IsZero() bool

func (*SSimpleToken) Len

func (self *SSimpleToken) Len() int

func (*SSimpleToken) String

func (self *SSimpleToken) String() string

func (*SSimpleToken) ToJson

func (self *SSimpleToken) ToJson() jsonutils.JSONObject

func (*SSimpleToken) ValidDuration

func (self *SSimpleToken) ValidDuration() time.Duration

type TokenCredential

type TokenCredential interface {
	gotypes.ISerializable

	IServiceCatalog

	IIdentityProvider

	GetTokenString() string
	GetRoles() []string
	GetRoleIds() []string
	GetExpires() time.Time
	IsValid() bool
	ValidDuration() time.Duration
	// IsAdmin() bool
	HasSystemAdminPrivilege() bool

	IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

	GetRegions() []string

	GetServiceCatalog() IServiceCatalog
	GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject

	GetEndpoints(region string, endpointType string) []Endpoint

	ToJson() jsonutils.JSONObject

	GetLoginSource() string
	GetLoginIp() string
}

func SimplifyToken

func SimplifyToken(token TokenCredential) TokenCredential

type TokenCredentialV2

type TokenCredentialV2 struct {
	// token信息
	Token KeystoneTokenV2 `json:"token"`
	// 服务目录
	ServiceCatalog KeystoneServiceCatalogV2 `json:"service_catalog"`
	// 认证用户信息
	User KeystoneUserV2 `json:"user"`
	// 用户所属项目列表
	Tenants []KeystoneTenantV2 `json:"tenants"`
	// 认证元数据
	Metadata KeystoneMetadataV2 `json:"metadata"`
	// 认证上下文
	Context SAuthContext `json:"context"`
}

Keystone token信息V2

func (*TokenCredentialV2) GetCatalogData

func (self *TokenCredentialV2) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject

func (*TokenCredentialV2) GetDomainId

func (token *TokenCredentialV2) GetDomainId() string

func (*TokenCredentialV2) GetDomainName

func (token *TokenCredentialV2) GetDomainName() string

func (*TokenCredentialV2) GetEndpoints

func (this *TokenCredentialV2) GetEndpoints(region string, endpointType string) []Endpoint

func (*TokenCredentialV2) GetExpires

func (this *TokenCredentialV2) GetExpires() time.Time

func (*TokenCredentialV2) GetExternalServices

func (this *TokenCredentialV2) GetExternalServices(region string) []ExternalService

func (*TokenCredentialV2) GetInternalServices

func (this *TokenCredentialV2) GetInternalServices(region string) []string

func (*TokenCredentialV2) GetLoginIp

func (this *TokenCredentialV2) GetLoginIp() string

func (*TokenCredentialV2) GetLoginSource

func (this *TokenCredentialV2) GetLoginSource() string

func (*TokenCredentialV2) GetProjectDomain

func (token *TokenCredentialV2) GetProjectDomain() string

func (*TokenCredentialV2) GetProjectDomainId

func (token *TokenCredentialV2) GetProjectDomainId() string

func (*TokenCredentialV2) GetProjectId

func (token *TokenCredentialV2) GetProjectId() string

func (*TokenCredentialV2) GetProjectName

func (token *TokenCredentialV2) GetProjectName() string

func (*TokenCredentialV2) GetRegions

func (this *TokenCredentialV2) GetRegions() []string

func (*TokenCredentialV2) GetRoleIds

func (token *TokenCredentialV2) GetRoleIds() []string

func (*TokenCredentialV2) GetRoles

func (token *TokenCredentialV2) GetRoles() []string

func (*TokenCredentialV2) GetServiceCatalog

func (this *TokenCredentialV2) GetServiceCatalog() IServiceCatalog

func (*TokenCredentialV2) GetServiceURL

func (this *TokenCredentialV2) GetServiceURL(service, region, zone, endpointType string) (string, error)

func (*TokenCredentialV2) GetServiceURLs

func (this *TokenCredentialV2) GetServiceURLs(service, region, zone, endpointType string) ([]string, error)

func (*TokenCredentialV2) GetServicesByInterface

func (this *TokenCredentialV2) GetServicesByInterface(region string, infType string) []ExternalService

func (*TokenCredentialV2) GetTenantId

func (token *TokenCredentialV2) GetTenantId() string

func (*TokenCredentialV2) GetTenantName

func (token *TokenCredentialV2) GetTenantName() string

func (*TokenCredentialV2) GetTokenString

func (token *TokenCredentialV2) GetTokenString() string

func (*TokenCredentialV2) GetUserId

func (token *TokenCredentialV2) GetUserId() string

func (*TokenCredentialV2) GetUserName

func (token *TokenCredentialV2) GetUserName() string

func (*TokenCredentialV2) HasSystemAdminPrivilege

func (this *TokenCredentialV2) HasSystemAdminPrivilege() bool

func (*TokenCredentialV2) IsAdmin

func (this *TokenCredentialV2) IsAdmin() bool

func (*TokenCredentialV2) IsAllow

func (this *TokenCredentialV2) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

func (*TokenCredentialV2) IsValid

func (this *TokenCredentialV2) IsValid() bool

func (*TokenCredentialV2) IsZero

func (self *TokenCredentialV2) IsZero() bool

func (*TokenCredentialV2) Len

func (this *TokenCredentialV2) Len() int

func (*TokenCredentialV2) String

func (self *TokenCredentialV2) String() string

func (*TokenCredentialV2) ToJson

func (self *TokenCredentialV2) ToJson() jsonutils.JSONObject

func (*TokenCredentialV2) ValidDuration

func (this *TokenCredentialV2) ValidDuration() time.Duration

type TokenCredentialV3

type TokenCredentialV3 struct {
	// keystone V3 token
	Token KeystoneTokenV3 `json:"token"`

	// swagger:ignore
	Id string `json:"id"`
}

func (*TokenCredentialV3) GetCatalogData

func (self *TokenCredentialV3) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject

func (*TokenCredentialV3) GetDomainId

func (token *TokenCredentialV3) GetDomainId() string

func (*TokenCredentialV3) GetDomainName

func (token *TokenCredentialV3) GetDomainName() string

func (*TokenCredentialV3) GetEndpoints

func (this *TokenCredentialV3) GetEndpoints(region string, endpointType string) []Endpoint

func (*TokenCredentialV3) GetExpires

func (this *TokenCredentialV3) GetExpires() time.Time

func (*TokenCredentialV3) GetExternalServices

func (this *TokenCredentialV3) GetExternalServices(region string) []ExternalService

func (*TokenCredentialV3) GetInternalServices

func (this *TokenCredentialV3) GetInternalServices(region string) []string

func (*TokenCredentialV3) GetLoginIp

func (this *TokenCredentialV3) GetLoginIp() string

func (*TokenCredentialV3) GetLoginSource

func (this *TokenCredentialV3) GetLoginSource() string

func (*TokenCredentialV3) GetProjectDomain

func (token *TokenCredentialV3) GetProjectDomain() string

func (*TokenCredentialV3) GetProjectDomainId

func (token *TokenCredentialV3) GetProjectDomainId() string

func (*TokenCredentialV3) GetProjectId

func (token *TokenCredentialV3) GetProjectId() string

func (*TokenCredentialV3) GetProjectName

func (token *TokenCredentialV3) GetProjectName() string

func (*TokenCredentialV3) GetRegions

func (this *TokenCredentialV3) GetRegions() []string

func (*TokenCredentialV3) GetRoleIds

func (token *TokenCredentialV3) GetRoleIds() []string

func (*TokenCredentialV3) GetRoles

func (token *TokenCredentialV3) GetRoles() []string

func (*TokenCredentialV3) GetServiceCatalog

func (this *TokenCredentialV3) GetServiceCatalog() IServiceCatalog

func (*TokenCredentialV3) GetServiceURL

func (this *TokenCredentialV3) GetServiceURL(service, region, zone, endpointType string) (string, error)

func (*TokenCredentialV3) GetServiceURLs

func (this *TokenCredentialV3) GetServiceURLs(service, region, zone, endpointType string) ([]string, error)

func (*TokenCredentialV3) GetServicesByInterface

func (this *TokenCredentialV3) GetServicesByInterface(region string, infType string) []ExternalService

func (*TokenCredentialV3) GetTenantId

func (token *TokenCredentialV3) GetTenantId() string

func (*TokenCredentialV3) GetTenantName

func (token *TokenCredentialV3) GetTenantName() string

func (*TokenCredentialV3) GetTokenString

func (token *TokenCredentialV3) GetTokenString() string

func (*TokenCredentialV3) GetUserId

func (token *TokenCredentialV3) GetUserId() string

func (*TokenCredentialV3) GetUserName

func (token *TokenCredentialV3) GetUserName() string

func (*TokenCredentialV3) HasSystemAdminPrivilege

func (this *TokenCredentialV3) HasSystemAdminPrivilege() bool

func (*TokenCredentialV3) IsAdmin

func (this *TokenCredentialV3) IsAdmin() bool

func (*TokenCredentialV3) IsAllow

func (this *TokenCredentialV3) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

func (*TokenCredentialV3) IsValid

func (this *TokenCredentialV3) IsValid() bool

func (*TokenCredentialV3) IsZero

func (self *TokenCredentialV3) IsZero() bool

func (*TokenCredentialV3) Len

func (this *TokenCredentialV3) Len() int

func (*TokenCredentialV3) String

func (self *TokenCredentialV3) String() string

func (*TokenCredentialV3) ToJson

func (self *TokenCredentialV3) ToJson() jsonutils.JSONObject

func (*TokenCredentialV3) ValidDuration

func (this *TokenCredentialV3) ValidDuration() time.Duration

type TokenManager

type TokenManager interface {
	Save(token TokenCredential) string
	Get(tid string) TokenCredential
	Remove(tid string)
}

func NewMapTokenManager

func NewMapTokenManager() TokenManager

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL