Documentation ¶
Index ¶
- Constants
- Variables
- func CatalogGetServiceURL(catalog IServiceCatalog, service, region, zone, endpointType string) (string, error)
- func CatalogGetServiceURLs(catalog IServiceCatalog, service, region, zone, endpointType string) ([]string, error)
- func GetTokenHeaders(userCred TokenCredential) http.Header
- func Id2RegionZone(id string) (string, string)
- func OwnerIdString(owner IIdentityProvider, scope rbacutils.TRbacScope) string
- func RegionID(region, zone string) string
- func SplitVersionedURL(url string) (string, string)
- type Client
- func (this *Client) AuthVersion() string
- func (this *Client) Authenticate(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)
- func (this *Client) AuthenticateApi(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)
- func (this *Client) AuthenticateByAccessKey(accessKey string, secret string, source string) (TokenCredential, error)
- func (this *Client) AuthenticateCAS(idpId string, ticket, redurectUri string, ...) (TokenCredential, error)
- func (this *Client) AuthenticateOAuth2(idpId, code string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)
- func (this *Client) AuthenticateOIDC(idpId, code, redirectUri string, projectId, projectName, projectDomain string, ...) (TokenCredential, error)
- func (this *Client) AuthenticateOperator(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)
- func (this *Client) AuthenticateSAML(idpId string, response string, projectId, projectName, projectDomain string, ...) (TokenCredential, error)
- func (this *Client) AuthenticateToken(token string, projName, projDomain string, source string) (TokenCredential, error)
- func (this *Client) AuthenticateVerify(uid, contactType, verifyCode string, ...) (TokenCredential, error)
- func (this *Client) AuthenticateWeb(uname, passwd, domainName, tenantName, tenantDomain string, cliIp string) (TokenCredential, error)
- func (this *Client) AuthenticateWithSource(uname, passwd, domainName, tenantName, tenantDomain string, source string) (TokenCredential, error)
- func (client *Client) FetchMatchPolicies(ctx context.Context, token TokenCredential) (*SFetchMatchPoliciesOutput, error)
- func (this *Client) GetClient() *http.Client
- func (this *Client) GetCommonEtcdEndpoint(token TokenCredential, region, interfaceType string) (*api.EndpointDetails, error)
- func (this *Client) GetCommonEtcdTLSConfig(endpoint *api.EndpointDetails) (*tls.Config, error)
- func (this *Client) GetDebug() bool
- func (this *Client) GetServiceCatalog() IServiceCatalog
- func (this *Client) HttpClient() *http.Client
- func (this *Client) NewAuthTokenCredential() TokenCredential
- func (this *Client) NewSession(ctx context.Context, region, zone, endpointType string, token TokenCredential) *ClientSession
- func (cli *Client) RegisterCatalogListener(l IServiceCatalogChangeListener)
- func (this *Client) SetDebug(debug bool)
- func (this *Client) SetHttpTransportProxyFunc(proxyFunc httputils.TransportProxyFunc)
- func (this *Client) SetProject(tenantId, tenantName, tenantDomain string, token TokenCredential) (TokenCredential, error)
- func (cli *Client) SetServiceCatalog(catalog IServiceCatalog)
- func (this *Client) SetTenant(tenantId, tenantName, tenantDomain string, token TokenCredential) (TokenCredential, error)
- func (this *Client) SetTransport(ts http.RoundTripper)
- func (this *Client) Verify(adminToken, token string) (cred TokenCredential, err error)
- func (this *Client) VerifyRequest(req http.Request, aksk s3auth.IAccessKeySecretRequest, virtualHost bool) (*SAkskTokenCredential, error)
- type ClientSession
- func (this *ClientSession) GetClient() *Client
- func (cs *ClientSession) GetCommonEtcdEndpoint() (*api.EndpointDetails, error)
- func (cs *ClientSession) GetContext() context.Context
- func (this *ClientSession) GetDomainId() string
- func (this *ClientSession) GetDomainName() string
- func (this *ClientSession) GetEndpointType() string
- func (this *ClientSession) GetProjectDomain() string
- func (this *ClientSession) GetProjectDomainId() string
- func (this *ClientSession) GetProjectId() string
- func (this *ClientSession) GetProjectName() string
- func (this *ClientSession) GetRegion() string
- func (this *ClientSession) GetServiceCatalog() IServiceCatalog
- func (this *ClientSession) GetServiceURL(service, endpointType string) (string, error)
- func (this *ClientSession) GetServiceURLs(service, endpointType string) ([]string, error)
- func (this *ClientSession) GetServiceVersionURL(service, endpointType string) (string, error)
- func (this *ClientSession) GetServiceVersionURLs(service, endpointType string) ([]string, error)
- func (this *ClientSession) GetTenantId() string
- func (this *ClientSession) GetTenantName() string
- func (cs *ClientSession) GetToken() TokenCredential
- func (this *ClientSession) GetUserId() string
- func (this *ClientSession) HasSystemAdminPrivilege() bool
- func (this *ClientSession) JSONRequest(service, endpointType string, method httputils.THttpMethod, url string, ...) (http.Header, jsonutils.JSONObject, error)
- func (this *ClientSession) JSONVersionRequest(service, endpointType string, method httputils.THttpMethod, url string, ...) (http.Header, jsonutils.JSONObject, error)
- func (this *ClientSession) ParseJSONResponse(reqBody string, resp *http.Response, err error) (http.Header, jsonutils.JSONObject, error)
- func (this *ClientSession) PrepareTask()
- func (this *ClientSession) RawBaseUrlRequest(service, endpointType string, method httputils.THttpMethod, url string, ...) (*http.Response, error)
- func (this *ClientSession) RawRequest(service, endpointType string, method httputils.THttpMethod, url string, ...) (*http.Response, error)
- func (this *ClientSession) RawVersionRequest(service, endpointType string, method httputils.THttpMethod, url string, ...) (*http.Response, error)
- func (this *ClientSession) RemoveTaskNotifyUrl()
- func (this *ClientSession) SetServiceCatalog(catalog IServiceCatalog)
- func (this *ClientSession) SetServiceUrl(service, url string)
- func (this *ClientSession) SetTaskNotifyUrl(url string)
- func (this *ClientSession) SetZone(zone string)
- func (this *ClientSession) ToJson() jsonutils.JSONObject
- func (this *ClientSession) WaitTaskNotify()
- type Endpoint
- type ExternalService
- type IIdentityProvider
- type IServiceCatalog
- type IServiceCatalogChangeListener
- type KeystoneDomainV3
- type KeystoneEndpointV2
- type KeystoneEndpointV3
- type KeystoneMetadataV2
- type KeystonePolicy
- type KeystoneProjectV3
- type KeystoneRoleV2
- type KeystoneRoleV3
- type KeystoneServiceCatalogV2
- func (catalog KeystoneServiceCatalogV2) GetExternalServices(region string) []ExternalService
- func (catalog KeystoneServiceCatalogV2) GetInternalServices(region string) []string
- func (catalog KeystoneServiceCatalogV2) GetServicesByInterface(region string, infType string) []ExternalService
- func (catalog KeystoneServiceCatalogV2) Len() int
- type KeystoneServiceCatalogV3
- func (catalog KeystoneServiceCatalogV3) GetExternalServices(region string) []ExternalService
- func (catalog KeystoneServiceCatalogV3) GetInternalServices(region string) []string
- func (catalog KeystoneServiceCatalogV3) GetServicesByInterface(region string, infType string) []ExternalService
- func (catalog KeystoneServiceCatalogV3) Len() int
- type KeystoneServiceV2
- type KeystoneServiceV3
- type KeystoneTenantV2
- type KeystoneTokenV2
- type KeystoneTokenV3
- type KeystoneUserV2
- type KeystoneUserV3
- type SAkskTokenCredential
- type SAuthContext
- type SAuthenticationIdentity
- type SAuthenticationInputV2
- type SAuthenticationInputV3
- type SFetchMatchPoliciesOutput
- type SSimpleToken
- func (self *SSimpleToken) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject
- func (self *SSimpleToken) GetDomainId() string
- func (self *SSimpleToken) GetDomainName() string
- func (this *SSimpleToken) GetEndpoints(region string, endpointType string) []Endpoint
- func (self *SSimpleToken) GetExpires() time.Time
- func (self *SSimpleToken) GetExternalServices(region string) []ExternalService
- func (self *SSimpleToken) GetInternalServices(region string) []string
- func (this *SSimpleToken) GetLoginIp() string
- func (this *SSimpleToken) GetLoginSource() string
- func (self *SSimpleToken) GetProjectDomain() string
- func (self *SSimpleToken) GetProjectDomainId() string
- func (self *SSimpleToken) GetProjectId() string
- func (self *SSimpleToken) GetProjectName() string
- func (self *SSimpleToken) GetRegions() []string
- func (self *SSimpleToken) GetRoleIds() []string
- func (self *SSimpleToken) GetRoles() []string
- func (this *SSimpleToken) GetServiceCatalog() IServiceCatalog
- func (this *SSimpleToken) GetServicesByInterface(region string, infType string) []ExternalService
- func (self *SSimpleToken) GetTenantId() string
- func (self *SSimpleToken) GetTenantName() string
- func (self *SSimpleToken) GetTokenString() string
- func (self *SSimpleToken) GetUserId() string
- func (self *SSimpleToken) GetUserName() string
- func (self *SSimpleToken) HasSystemAdminPrivilege() bool
- func (self *SSimpleToken) IsAdmin() bool
- func (this *SSimpleToken) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, ...) rbacutils.SPolicyResult
- func (self *SSimpleToken) IsValid() bool
- func (self *SSimpleToken) IsZero() bool
- func (self *SSimpleToken) Len() int
- func (self *SSimpleToken) String() string
- func (self *SSimpleToken) ToJson() jsonutils.JSONObject
- func (self *SSimpleToken) ValidDuration() time.Duration
- type TokenCredential
- type TokenCredentialV2
- func (self *TokenCredentialV2) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject
- func (token *TokenCredentialV2) GetDomainId() string
- func (token *TokenCredentialV2) GetDomainName() string
- func (this *TokenCredentialV2) GetEndpoints(region string, endpointType string) []Endpoint
- func (this *TokenCredentialV2) GetExpires() time.Time
- func (this *TokenCredentialV2) GetExternalServices(region string) []ExternalService
- func (this *TokenCredentialV2) GetInternalServices(region string) []string
- func (this *TokenCredentialV2) GetLoginIp() string
- func (this *TokenCredentialV2) GetLoginSource() string
- func (token *TokenCredentialV2) GetProjectDomain() string
- func (token *TokenCredentialV2) GetProjectDomainId() string
- func (token *TokenCredentialV2) GetProjectId() string
- func (token *TokenCredentialV2) GetProjectName() string
- func (this *TokenCredentialV2) GetRegions() []string
- func (token *TokenCredentialV2) GetRoleIds() []string
- func (token *TokenCredentialV2) GetRoles() []string
- func (this *TokenCredentialV2) GetServiceCatalog() IServiceCatalog
- func (this *TokenCredentialV2) GetServicesByInterface(region string, infType string) []ExternalService
- func (token *TokenCredentialV2) GetTenantId() string
- func (token *TokenCredentialV2) GetTenantName() string
- func (token *TokenCredentialV2) GetTokenString() string
- func (token *TokenCredentialV2) GetUserId() string
- func (token *TokenCredentialV2) GetUserName() string
- func (this *TokenCredentialV2) HasSystemAdminPrivilege() bool
- func (this *TokenCredentialV2) IsAdmin() bool
- func (this *TokenCredentialV2) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, ...) rbacutils.SPolicyResult
- func (this *TokenCredentialV2) IsValid() bool
- func (self *TokenCredentialV2) IsZero() bool
- func (this *TokenCredentialV2) Len() int
- func (self *TokenCredentialV2) String() string
- func (self *TokenCredentialV2) ToJson() jsonutils.JSONObject
- func (this *TokenCredentialV2) ValidDuration() time.Duration
- type TokenCredentialV3
- func (self *TokenCredentialV3) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject
- func (token *TokenCredentialV3) GetDomainId() string
- func (token *TokenCredentialV3) GetDomainName() string
- func (this *TokenCredentialV3) GetEndpoints(region string, endpointType string) []Endpoint
- func (this *TokenCredentialV3) GetExpires() time.Time
- func (this *TokenCredentialV3) GetExternalServices(region string) []ExternalService
- func (this *TokenCredentialV3) GetInternalServices(region string) []string
- func (this *TokenCredentialV3) GetLoginIp() string
- func (this *TokenCredentialV3) GetLoginSource() string
- func (token *TokenCredentialV3) GetProjectDomain() string
- func (token *TokenCredentialV3) GetProjectDomainId() string
- func (token *TokenCredentialV3) GetProjectId() string
- func (token *TokenCredentialV3) GetProjectName() string
- func (this *TokenCredentialV3) GetRegions() []string
- func (token *TokenCredentialV3) GetRoleIds() []string
- func (token *TokenCredentialV3) GetRoles() []string
- func (this *TokenCredentialV3) GetServiceCatalog() IServiceCatalog
- func (this *TokenCredentialV3) GetServicesByInterface(region string, infType string) []ExternalService
- func (token *TokenCredentialV3) GetTenantId() string
- func (token *TokenCredentialV3) GetTenantName() string
- func (token *TokenCredentialV3) GetTokenString() string
- func (token *TokenCredentialV3) GetUserId() string
- func (token *TokenCredentialV3) GetUserName() string
- func (this *TokenCredentialV3) HasSystemAdminPrivilege() bool
- func (this *TokenCredentialV3) IsAdmin() bool
- func (this *TokenCredentialV3) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, ...) rbacutils.SPolicyResult
- func (this *TokenCredentialV3) IsValid() bool
- func (self *TokenCredentialV3) IsZero() bool
- func (this *TokenCredentialV3) Len() int
- func (self *TokenCredentialV3) String() string
- func (self *TokenCredentialV3) ToJson() jsonutils.JSONObject
- func (this *TokenCredentialV3) ValidDuration() time.Duration
- type TokenManager
Constants ¶
View Source
const ( AuthSourceWeb = "web" AuthSourceAPI = "api" AuthSourceCli = "cli" AuthSourceSrv = "srv" AuthSourceOperator = "operator" )
View Source
const ( TASK_ID = "X-Task-Id" TASK_NOTIFY_URL = "X-Task-Notify-Url" AUTH_TOKEN = api.AUTH_TOKEN_HEADER // "X-Auth-Token" REGION_VERSION = "X-Region-Version" DEFAULT_API_VERSION = "v1" V2_API_VERSION = "v2" )
View Source
const REGION_ZONE_SEP = '-'
Variables ¶
View Source
var TokenCredentialType reflect.Type
Functions ¶
func CatalogGetServiceURL ¶
func CatalogGetServiceURL(catalog IServiceCatalog, service, region, zone, endpointType string) (string, error)
func CatalogGetServiceURLs ¶
func CatalogGetServiceURLs(catalog IServiceCatalog, service, region, zone, endpointType string) ([]string, error)
func GetTokenHeaders ¶
func GetTokenHeaders(userCred TokenCredential) http.Header
func Id2RegionZone ¶
func OwnerIdString ¶
func OwnerIdString(owner IIdentityProvider, scope rbacutils.TRbacScope) string
func SplitVersionedURL ¶
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func (*Client) AuthVersion ¶
func (*Client) Authenticate ¶
func (this *Client) Authenticate(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)
func (*Client) AuthenticateApi ¶
func (this *Client) AuthenticateApi(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)
func (*Client) AuthenticateByAccessKey ¶
func (*Client) AuthenticateCAS ¶
func (*Client) AuthenticateOAuth2 ¶
func (*Client) AuthenticateOIDC ¶
func (*Client) AuthenticateOperator ¶
func (this *Client) AuthenticateOperator(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)
func (*Client) AuthenticateSAML ¶
func (*Client) AuthenticateToken ¶
func (*Client) AuthenticateVerify ¶
func (*Client) AuthenticateWeb ¶
func (this *Client) AuthenticateWeb(uname, passwd, domainName, tenantName, tenantDomain string, cliIp string) (TokenCredential, error)
func (*Client) AuthenticateWithSource ¶
func (this *Client) AuthenticateWithSource(uname, passwd, domainName, tenantName, tenantDomain string, source string) (TokenCredential, error)
func (*Client) FetchMatchPolicies ¶
func (client *Client) FetchMatchPolicies(ctx context.Context, token TokenCredential) (*SFetchMatchPoliciesOutput, error)
func (*Client) GetCommonEtcdEndpoint ¶
func (this *Client) GetCommonEtcdEndpoint(token TokenCredential, region, interfaceType string) (*api.EndpointDetails, error)
func (*Client) GetCommonEtcdTLSConfig ¶
func (*Client) GetServiceCatalog ¶
func (this *Client) GetServiceCatalog() IServiceCatalog
func (*Client) HttpClient ¶
func (*Client) NewAuthTokenCredential ¶
func (this *Client) NewAuthTokenCredential() TokenCredential
func (*Client) NewSession ¶
func (this *Client) NewSession(ctx context.Context, region, zone, endpointType string, token TokenCredential) *ClientSession
func (*Client) RegisterCatalogListener ¶
func (cli *Client) RegisterCatalogListener(l IServiceCatalogChangeListener)
func (*Client) SetHttpTransportProxyFunc ¶
func (this *Client) SetHttpTransportProxyFunc(proxyFunc httputils.TransportProxyFunc)
func (*Client) SetProject ¶
func (this *Client) SetProject(tenantId, tenantName, tenantDomain string, token TokenCredential) (TokenCredential, error)
func (*Client) SetServiceCatalog ¶
func (cli *Client) SetServiceCatalog(catalog IServiceCatalog)
func (*Client) SetTenant ¶
func (this *Client) SetTenant(tenantId, tenantName, tenantDomain string, token TokenCredential) (TokenCredential, error)
func (*Client) SetTransport ¶
func (this *Client) SetTransport(ts http.RoundTripper)
func (*Client) Verify ¶
func (this *Client) Verify(adminToken, token string) (cred TokenCredential, err error)
func (*Client) VerifyRequest ¶
func (this *Client) VerifyRequest(req http.Request, aksk s3auth.IAccessKeySecretRequest, virtualHost bool) (*SAkskTokenCredential, error)
type ClientSession ¶
type ClientSession struct { Header http.Header /// headers for this session // contains filtered or unexported fields }
func (*ClientSession) GetClient ¶
func (this *ClientSession) GetClient() *Client
func (*ClientSession) GetCommonEtcdEndpoint ¶
func (cs *ClientSession) GetCommonEtcdEndpoint() (*api.EndpointDetails, error)
func (*ClientSession) GetContext ¶
func (cs *ClientSession) GetContext() context.Context
func (*ClientSession) GetDomainId ¶
func (this *ClientSession) GetDomainId() string
func (*ClientSession) GetDomainName ¶
func (this *ClientSession) GetDomainName() string
func (*ClientSession) GetEndpointType ¶
func (this *ClientSession) GetEndpointType() string
func (*ClientSession) GetProjectDomain ¶
func (this *ClientSession) GetProjectDomain() string
func (*ClientSession) GetProjectDomainId ¶
func (this *ClientSession) GetProjectDomainId() string
func (*ClientSession) GetProjectId ¶
func (this *ClientSession) GetProjectId() string
func (*ClientSession) GetProjectName ¶
func (this *ClientSession) GetProjectName() string
func (*ClientSession) GetRegion ¶
func (this *ClientSession) GetRegion() string
func (*ClientSession) GetServiceCatalog ¶
func (this *ClientSession) GetServiceCatalog() IServiceCatalog
func (*ClientSession) GetServiceURL ¶
func (this *ClientSession) GetServiceURL(service, endpointType string) (string, error)
func (*ClientSession) GetServiceURLs ¶
func (this *ClientSession) GetServiceURLs(service, endpointType string) ([]string, error)
func (*ClientSession) GetServiceVersionURL ¶
func (this *ClientSession) GetServiceVersionURL(service, endpointType string) (string, error)
func (*ClientSession) GetServiceVersionURLs ¶
func (this *ClientSession) GetServiceVersionURLs(service, endpointType string) ([]string, error)
func (*ClientSession) GetTenantId ¶
func (this *ClientSession) GetTenantId() string
func (*ClientSession) GetTenantName ¶
func (this *ClientSession) GetTenantName() string
func (*ClientSession) GetToken ¶
func (cs *ClientSession) GetToken() TokenCredential
func (*ClientSession) GetUserId ¶
func (this *ClientSession) GetUserId() string
func (*ClientSession) HasSystemAdminPrivilege ¶
func (this *ClientSession) HasSystemAdminPrivilege() bool
func (*ClientSession) JSONRequest ¶
func (this *ClientSession) JSONRequest(service, endpointType string, method httputils.THttpMethod, url string, headers http.Header, body jsonutils.JSONObject) (http.Header, jsonutils.JSONObject, error)
func (*ClientSession) JSONVersionRequest ¶
func (this *ClientSession) JSONVersionRequest( service, endpointType string, method httputils.THttpMethod, url string, headers http.Header, body jsonutils.JSONObject, ) (http.Header, jsonutils.JSONObject, error)
func (*ClientSession) ParseJSONResponse ¶
func (this *ClientSession) ParseJSONResponse(reqBody string, resp *http.Response, err error) (http.Header, jsonutils.JSONObject, error)
func (*ClientSession) PrepareTask ¶
func (this *ClientSession) PrepareTask()
func (*ClientSession) RawBaseUrlRequest ¶
func (*ClientSession) RawRequest ¶
func (*ClientSession) RawVersionRequest ¶
func (*ClientSession) RemoveTaskNotifyUrl ¶
func (this *ClientSession) RemoveTaskNotifyUrl()
func (*ClientSession) SetServiceCatalog ¶
func (this *ClientSession) SetServiceCatalog(catalog IServiceCatalog)
func (*ClientSession) SetServiceUrl ¶
func (this *ClientSession) SetServiceUrl(service, url string)
func (*ClientSession) SetTaskNotifyUrl ¶
func (this *ClientSession) SetTaskNotifyUrl(url string)
func (*ClientSession) SetZone ¶
func (this *ClientSession) SetZone(zone string)
func (*ClientSession) ToJson ¶
func (this *ClientSession) ToJson() jsonutils.JSONObject
func (*ClientSession) WaitTaskNotify ¶
func (this *ClientSession) WaitTaskNotify()
type ExternalService ¶
type IIdentityProvider ¶
type IServiceCatalog ¶
type IServiceCatalog interface { Len() int GetInternalServices(region string) []string GetExternalServices(region string) []ExternalService GetServicesByInterface(region string, infType string) []ExternalService // contains filtered or unexported methods }
type IServiceCatalogChangeListener ¶
type IServiceCatalogChangeListener interface {
OnServiceCatalogChange(catalog IServiceCatalog)
}
type KeystoneDomainV3 ¶
type KeystoneDomainV3 api.SIdentityObject
type KeystoneEndpointV2 ¶
type KeystoneEndpointV3 ¶
type KeystoneEndpointV3 struct { // endpoint ID // example: 75f4e36100184a5a8a3e36cb0f12aa87 Id string `json:"id"` // endpoint接口类型,目前定义了一下集中类型 // // | interface | 说明 | // |-----------|--------------------------------------------------------| // | internal | 内部接口,访问服务时默认用inernal类型的接口 | // | public | 外部接口 | // | admin | 管理类型接口,deprecated | // | console | web控制台接口,指定显示在web控制台的外部服务的接口地址 | // Interface string `json:"interface"` // 区域名称 Region string `json:"region"` // 区域ID RegionId string `json:"region_id"` // 接口URL Url string `json:"url"` // 接口名称 Name string `json:"name"` }
type KeystoneMetadataV2 ¶
type KeystonePolicy ¶
type KeystoneProjectV3 ¶
type KeystoneProjectV3 struct { // 项目ID Id string // 项目名称 Name string // 项目归属域 Domain KeystoneDomainV3 }
type KeystoneRoleV2 ¶
type KeystoneRoleV3 ¶
type KeystoneRoleV3 api.SIdentityObject
type KeystoneServiceCatalogV2 ¶
type KeystoneServiceCatalogV2 []KeystoneServiceV2
func (KeystoneServiceCatalogV2) GetExternalServices ¶
func (catalog KeystoneServiceCatalogV2) GetExternalServices(region string) []ExternalService
func (KeystoneServiceCatalogV2) GetInternalServices ¶
func (catalog KeystoneServiceCatalogV2) GetInternalServices(region string) []string
func (KeystoneServiceCatalogV2) GetServicesByInterface ¶
func (catalog KeystoneServiceCatalogV2) GetServicesByInterface(region string, infType string) []ExternalService
func (KeystoneServiceCatalogV2) Len ¶
func (catalog KeystoneServiceCatalogV2) Len() int
type KeystoneServiceCatalogV3 ¶
type KeystoneServiceCatalogV3 []KeystoneServiceV3
func (KeystoneServiceCatalogV3) GetExternalServices ¶
func (catalog KeystoneServiceCatalogV3) GetExternalServices(region string) []ExternalService
func (KeystoneServiceCatalogV3) GetInternalServices ¶
func (catalog KeystoneServiceCatalogV3) GetInternalServices(region string) []string
func (KeystoneServiceCatalogV3) GetServicesByInterface ¶
func (catalog KeystoneServiceCatalogV3) GetServicesByInterface(region string, infType string) []ExternalService
func (KeystoneServiceCatalogV3) Len ¶
func (catalog KeystoneServiceCatalogV3) Len() int
type KeystoneServiceV2 ¶
type KeystoneServiceV2 struct { // 服务名称 Name string `json:"name"` // 服务类型 Type string `json:"type"` // 服务接口地址列表 Endpoints []KeystoneEndpointV2 `json:"endpoints"` }
type KeystoneServiceV3 ¶
type KeystoneServiceV3 struct { // service ID Id string `json:"id,omitempty"` // service Name Name string `json:"name,omitempty"` // service Type,例如identity, compute等 Type string `json:"type,omitempty"` // service的访问endpoints Endpoints []KeystoneEndpointV3 `json:"endpoints,omitempty"` }
type KeystoneTenantV2 ¶
type KeystoneTokenV2 ¶
type KeystoneTokenV2 struct { // token Id string `json:"id"` // 过期时间(UTC) Expires time.Time `json:"expires"` // token有效的项目信息 Tenant KeystoneTenantV2 `json:"tenant"` }
type KeystoneTokenV3 ¶
type KeystoneTokenV3 struct { // AutdiIds, 没有什么用 // swagger:ignore AuditIds []string `json:"audit_ids"` // token过期时间 ExpiresAt time.Time `json:"expires_at"` // 是否为域的token IsDomain bool `json:"is_domain,allowfalse"` // token颁发时间 IssuedAt time.Time `json:"issued_at"` // 获取token的认证方式 Methods []string `json:"methods"` // token的关联项目,如果用户认证时scope为项目,则为改指定项目的信息 Project KeystoneProjectV3 `json:"project"` // token的关联用户在关联项目的权限信息,只有项目scope的token才有这个属性 Policies KeystonePolicy `json:"policies"` // token的关联用户在关联项目的角色列表,只有项目scope的token才有这个属性 Roles []KeystoneRoleV3 `json:"roles"` // token的关联用户信息 User KeystoneUserV3 `json:"user"` // 服务目录 Catalog KeystoneServiceCatalogV3 `json:"catalog"` // 认证上下文 Context SAuthContext `json:"context"` // 当用户认证时未指定scope时,会返回该用户所有的项目 Projects []KeystoneProjectV3 `json:"projects"` // 返回用户在所有项目的所有角色信息 RoleAssignments []api.SRoleAssignment `json:"role_assignments"` // 如果时AK/SK认证,返回用户的AccessKey/Secret信息,用于客户端后续的AK/SK认证,避免频繁访问keystone进行AK/SK认证 AccessKey api.SAccessKeySecretInfo `json:"access_key"` }
type KeystoneUserV2 ¶
type KeystoneUserV2 struct { // 用户ID Id string `json:"id"` // 用户名 Name string `json:"name"` // 用户username Username string `json:"username"` // 用户角色列表 Roles []KeystoneRoleV2 `json:"roles"` }
type KeystoneUserV3 ¶
type SAkskTokenCredential ¶
type SAkskTokenCredential struct { AccessKeySecret api.SAccessKeySecretInfo Token TokenCredential }
type SAuthContext ¶
type SAuthContext struct { // 认证来源类型, 可能的值有: // // | source | 说明 | // |----------|---------------------------| // | web | 通过web控制台认证 | // | api | api调用认证 | // | cli | climc客户端认证 | // | srv | 作为服务认证 | // | operator | 作为onecloud-operator认证 | // Source string `json:"source,omitempty"` // 认证来源IP Ip string `json:"ip,omitempty"` }
type SAuthenticationIdentity ¶
type SAuthenticationIdentity struct { // ID of identity provider, optional // required:false Id string `json:"id,omitempty"` // 认证方式列表,支持认证方式如下: // // | method | 说明 | // |----------|--------------------------------------------------------------------| // | password | 用户名密码认证 | // | token | token认证,已经通过其他方式获得token之后,可以用旧的token认证获得新的token | // | aksk | Access Key/Secret key认证 | // | cas | 通过SSO统一认证平台CAS认证 | // | saml | 作为SAML 2.0 SP通过IDP认证 | // | oidc | 作为OpenID Connect/OAuth2 Client认证 | // | oauth2 | OAuth2认证 | // | verify | 手机短信或邮箱认证 | // Methods []string `json:"methods,omitempty"` // 当认证方式为password时,通过该字段提供密码认证信息 Password struct { User struct { // 用户ID Id string `json:"id,omitempty"` // 用户名称 Name string `json:"name,omitempty"` // 密码 Password string `json:"password,omitempty"` // 用户所属域的信息 Domain struct { // 域ID Id string `json:"id,omitempty"` // 域名称 Name string `json:"name,omitempty"` } } `json:"user,omitempty"` } `json:"password,omitempty"` // 当认证方式为token时,通过该字段提供token认证信息 Token struct { // token Id string `json:"id,omitempty"` } `json:"token,omitempty"` // 当认证方式为aksk时,通过该字段提供客户端AK/SK信息 // 为了兼容不同版本的AK/SK认证方式,使用编码后的字符串传递该信息 AccessKeyRequest string `json:"access_key_secret,omitempty"` // 当认证方式为cas时,通过该字段提供CAS认证的ID // required:false CASTicket struct { Id string `json:"id,omitempty"` Service string `json:"service,omitempty"` } `json:"cas_ticket,omitempty"` // 当认证方式为saml时,通过该字段提供SAML认证的Response信息 SAMLAuth struct { Response string `json:"response,omitempty"` } `json:"saml_auth,omitempty"` OIDCAuth struct { Code string `json:"code,omitempty"` RedirectUri string `json:"redirect_uri,omitempty"` } `json:"oidc_auth,omitempty"` OAuth2 struct { Code string `json:"code,omitempty"` } `json:"oauth2,omitempty"` Verify struct { Uid string `json:"uid,omitempty"` VerifyCode string `json:"verify_code,omitempty"` ContactType string `json:"contact_type,omitempty"` } `json:"mobile,omitempty"` }
type SAuthenticationInputV2 ¶
type SAuthenticationInputV2 struct { // keystone v2 认证接口认证信息 // required:true Auth struct { // 如果使用用户名/密码认证,则需要设置passwordCredentials PasswordCredentials struct { // 用户名 Username string `json:"username,omitempty"` // 用户密码 Password string `json:"password,omitempty"` } `json:"passwordCredentials,omitempty"` // 指定认证用户的所属项目名称,该字段和tenantId二选一,或者不设置。 // 如果不提供tenantName和tenantId,则用户认证成功后,获得一个unscoped token // 此时,如果用户需要访问具体项目的资源,还是需要用unscoped token进行认证,获得指定项目的token // required:false TenantName string `json:"tenantName,omitempty"` // 指定认证用户的所属项目ID,该字段和tenantName二选一,或者不设置。 // required:false TenantId string `json:"tenantId,omitempty"` // 如果使用token认证,则需要设置token.Id Token struct { // token的字符串 Id string `json:"id,omitempty"` } `json:"token,omitempty"` // 认证上下文 // required:false Context SAuthContext `json:"context,omitempty"` } `json:"auth,omitempty"` }
type SAuthenticationInputV3 ¶
type SAuthenticationInputV3 struct { // keystone v3 认证接口认证信息 // required:true Auth struct { // 认证信息 // required:true Identity SAuthenticationIdentity `json:"identity,omitempty"` // 指定认证范围, 该字段可选。如果未指定scope,则用户认证成功后获得一个unscoped token, // 当用户需要访问指定项目的资源时,需要通过该unscope token进行认证,获得该项目scope的token // 目前只支持Project scope的token // required:false Scope struct { // 指定token的scope为指定的项目 // required:false Project struct { // 指定项目的ID,由于ID全局唯一,因此指定ID后不需要指定项目所在的域(Domain),ID和Name只需要指定其中一个 // required:false Id string `json:"id,omitempty"` // 指定项目的Name,指定Name时,需要指定项目所在的域(domain) // required:false Name string `json:"name,omitempty"` // 指定项目所在的域(domain) // required:false Domain struct { // 指定项目所在域的ID,ID和Name只需要指定其中一个 // required:false Id string `json:"id,omitempty"` // 指定项目所在域的Name // required:false Name string `json:"name,omitempty"` } `json:"domain,omitempty"` } `json:"project,omitempty"` // 指定token的scope为指定的域 // required:false Domain struct { // 指定domain的ID,ID和Name只需要指定其中一个 // required:false Id string `json:"id,omitempty"` // 指定Domain的Name // required:false Name string `json:"name,omitempty"` } `json:"domain,omitempty"` } `json:"scope,omitempty"` // 认证上下文 // required:false Context SAuthContext `json:"context,omitempty"` } `json:"auth,omitempty"` }
type SFetchMatchPoliciesOutput ¶
type SFetchMatchPoliciesOutput struct { Names map[rbacutils.TRbacScope][]string `json:"names"` Policies rbacutils.TPolicyGroup `json:"policies"` }
func (*SFetchMatchPoliciesOutput) Decode ¶
func (o *SFetchMatchPoliciesOutput) Decode(object jsonutils.JSONObject) error
func (SFetchMatchPoliciesOutput) Encode ¶
func (o SFetchMatchPoliciesOutput) Encode() jsonutils.JSONObject
type SSimpleToken ¶
type SSimpleToken struct { Token string Domain string DomainId string User string UserId string Project string `json:"tenant"` ProjectId string `json:"tenant_id"` ProjectDomain string ProjectDomainId string Roles string RoleIds string Expires time.Time Context SAuthContext }
func (*SSimpleToken) GetCatalogData ¶
func (self *SSimpleToken) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject
func (*SSimpleToken) GetDomainId ¶
func (self *SSimpleToken) GetDomainId() string
func (*SSimpleToken) GetDomainName ¶
func (self *SSimpleToken) GetDomainName() string
func (*SSimpleToken) GetEndpoints ¶
func (this *SSimpleToken) GetEndpoints(region string, endpointType string) []Endpoint
func (*SSimpleToken) GetExpires ¶
func (self *SSimpleToken) GetExpires() time.Time
func (*SSimpleToken) GetExternalServices ¶
func (self *SSimpleToken) GetExternalServices(region string) []ExternalService
func (*SSimpleToken) GetInternalServices ¶
func (self *SSimpleToken) GetInternalServices(region string) []string
func (*SSimpleToken) GetLoginIp ¶
func (this *SSimpleToken) GetLoginIp() string
func (*SSimpleToken) GetLoginSource ¶
func (this *SSimpleToken) GetLoginSource() string
func (*SSimpleToken) GetProjectDomain ¶
func (self *SSimpleToken) GetProjectDomain() string
func (*SSimpleToken) GetProjectDomainId ¶
func (self *SSimpleToken) GetProjectDomainId() string
func (*SSimpleToken) GetProjectId ¶
func (self *SSimpleToken) GetProjectId() string
func (*SSimpleToken) GetProjectName ¶
func (self *SSimpleToken) GetProjectName() string
func (*SSimpleToken) GetRegions ¶
func (self *SSimpleToken) GetRegions() []string
func (*SSimpleToken) GetRoleIds ¶
func (self *SSimpleToken) GetRoleIds() []string
func (*SSimpleToken) GetRoles ¶
func (self *SSimpleToken) GetRoles() []string
func (*SSimpleToken) GetServiceCatalog ¶
func (this *SSimpleToken) GetServiceCatalog() IServiceCatalog
func (*SSimpleToken) GetServicesByInterface ¶
func (this *SSimpleToken) GetServicesByInterface(region string, infType string) []ExternalService
func (*SSimpleToken) GetTenantId ¶
func (self *SSimpleToken) GetTenantId() string
func (*SSimpleToken) GetTenantName ¶
func (self *SSimpleToken) GetTenantName() string
func (*SSimpleToken) GetTokenString ¶
func (self *SSimpleToken) GetTokenString() string
func (*SSimpleToken) GetUserId ¶
func (self *SSimpleToken) GetUserId() string
func (*SSimpleToken) GetUserName ¶
func (self *SSimpleToken) GetUserName() string
func (*SSimpleToken) HasSystemAdminPrivilege ¶
func (self *SSimpleToken) HasSystemAdminPrivilege() bool
func (*SSimpleToken) IsAdmin ¶
func (self *SSimpleToken) IsAdmin() bool
func (*SSimpleToken) IsAllow ¶
func (this *SSimpleToken) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult
func (*SSimpleToken) IsValid ¶
func (self *SSimpleToken) IsValid() bool
func (*SSimpleToken) IsZero ¶
func (self *SSimpleToken) IsZero() bool
func (*SSimpleToken) Len ¶
func (self *SSimpleToken) Len() int
func (*SSimpleToken) String ¶
func (self *SSimpleToken) String() string
func (*SSimpleToken) ToJson ¶
func (self *SSimpleToken) ToJson() jsonutils.JSONObject
func (*SSimpleToken) ValidDuration ¶
func (self *SSimpleToken) ValidDuration() time.Duration
type TokenCredential ¶
type TokenCredential interface { gotypes.ISerializable IServiceCatalog IIdentityProvider GetTokenString() string GetRoles() []string GetRoleIds() []string GetExpires() time.Time IsValid() bool ValidDuration() time.Duration // IsAdmin() bool HasSystemAdminPrivilege() bool IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult GetRegions() []string GetServiceCatalog() IServiceCatalog GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject GetEndpoints(region string, endpointType string) []Endpoint ToJson() jsonutils.JSONObject GetLoginSource() string GetLoginIp() string }
func SimplifyToken ¶
func SimplifyToken(token TokenCredential) TokenCredential
type TokenCredentialV2 ¶
type TokenCredentialV2 struct { // token信息 Token KeystoneTokenV2 `json:"token"` // 服务目录 ServiceCatalog KeystoneServiceCatalogV2 `json:"service_catalog"` // 认证用户信息 User KeystoneUserV2 `json:"user"` // 用户所属项目列表 Tenants []KeystoneTenantV2 `json:"tenants"` // 认证元数据 Metadata KeystoneMetadataV2 `json:"metadata"` // 认证上下文 Context SAuthContext `json:"context"` }
Keystone token信息V2
func (*TokenCredentialV2) GetCatalogData ¶
func (self *TokenCredentialV2) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject
func (*TokenCredentialV2) GetDomainId ¶
func (token *TokenCredentialV2) GetDomainId() string
func (*TokenCredentialV2) GetDomainName ¶
func (token *TokenCredentialV2) GetDomainName() string
func (*TokenCredentialV2) GetEndpoints ¶
func (this *TokenCredentialV2) GetEndpoints(region string, endpointType string) []Endpoint
func (*TokenCredentialV2) GetExpires ¶
func (this *TokenCredentialV2) GetExpires() time.Time
func (*TokenCredentialV2) GetExternalServices ¶
func (this *TokenCredentialV2) GetExternalServices(region string) []ExternalService
func (*TokenCredentialV2) GetInternalServices ¶
func (this *TokenCredentialV2) GetInternalServices(region string) []string
func (*TokenCredentialV2) GetLoginIp ¶
func (this *TokenCredentialV2) GetLoginIp() string
func (*TokenCredentialV2) GetLoginSource ¶
func (this *TokenCredentialV2) GetLoginSource() string
func (*TokenCredentialV2) GetProjectDomain ¶
func (token *TokenCredentialV2) GetProjectDomain() string
func (*TokenCredentialV2) GetProjectDomainId ¶
func (token *TokenCredentialV2) GetProjectDomainId() string
func (*TokenCredentialV2) GetProjectId ¶
func (token *TokenCredentialV2) GetProjectId() string
func (*TokenCredentialV2) GetProjectName ¶
func (token *TokenCredentialV2) GetProjectName() string
func (*TokenCredentialV2) GetRegions ¶
func (this *TokenCredentialV2) GetRegions() []string
func (*TokenCredentialV2) GetRoleIds ¶
func (token *TokenCredentialV2) GetRoleIds() []string
func (*TokenCredentialV2) GetRoles ¶
func (token *TokenCredentialV2) GetRoles() []string
func (*TokenCredentialV2) GetServiceCatalog ¶
func (this *TokenCredentialV2) GetServiceCatalog() IServiceCatalog
func (*TokenCredentialV2) GetServicesByInterface ¶
func (this *TokenCredentialV2) GetServicesByInterface(region string, infType string) []ExternalService
func (*TokenCredentialV2) GetTenantId ¶
func (token *TokenCredentialV2) GetTenantId() string
func (*TokenCredentialV2) GetTenantName ¶
func (token *TokenCredentialV2) GetTenantName() string
func (*TokenCredentialV2) GetTokenString ¶
func (token *TokenCredentialV2) GetTokenString() string
func (*TokenCredentialV2) GetUserId ¶
func (token *TokenCredentialV2) GetUserId() string
func (*TokenCredentialV2) GetUserName ¶
func (token *TokenCredentialV2) GetUserName() string
func (*TokenCredentialV2) HasSystemAdminPrivilege ¶
func (this *TokenCredentialV2) HasSystemAdminPrivilege() bool
func (*TokenCredentialV2) IsAdmin ¶
func (this *TokenCredentialV2) IsAdmin() bool
func (*TokenCredentialV2) IsAllow ¶
func (this *TokenCredentialV2) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult
func (*TokenCredentialV2) IsValid ¶
func (this *TokenCredentialV2) IsValid() bool
func (*TokenCredentialV2) IsZero ¶
func (self *TokenCredentialV2) IsZero() bool
func (*TokenCredentialV2) Len ¶
func (this *TokenCredentialV2) Len() int
func (*TokenCredentialV2) String ¶
func (self *TokenCredentialV2) String() string
func (*TokenCredentialV2) ToJson ¶
func (self *TokenCredentialV2) ToJson() jsonutils.JSONObject
func (*TokenCredentialV2) ValidDuration ¶
func (this *TokenCredentialV2) ValidDuration() time.Duration
type TokenCredentialV3 ¶
type TokenCredentialV3 struct { // keystone V3 token Token KeystoneTokenV3 `json:"token"` // swagger:ignore Id string `json:"id"` }
func (*TokenCredentialV3) GetCatalogData ¶
func (self *TokenCredentialV3) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject
func (*TokenCredentialV3) GetDomainId ¶
func (token *TokenCredentialV3) GetDomainId() string
func (*TokenCredentialV3) GetDomainName ¶
func (token *TokenCredentialV3) GetDomainName() string
func (*TokenCredentialV3) GetEndpoints ¶
func (this *TokenCredentialV3) GetEndpoints(region string, endpointType string) []Endpoint
func (*TokenCredentialV3) GetExpires ¶
func (this *TokenCredentialV3) GetExpires() time.Time
func (*TokenCredentialV3) GetExternalServices ¶
func (this *TokenCredentialV3) GetExternalServices(region string) []ExternalService
func (*TokenCredentialV3) GetInternalServices ¶
func (this *TokenCredentialV3) GetInternalServices(region string) []string
func (*TokenCredentialV3) GetLoginIp ¶
func (this *TokenCredentialV3) GetLoginIp() string
func (*TokenCredentialV3) GetLoginSource ¶
func (this *TokenCredentialV3) GetLoginSource() string
func (*TokenCredentialV3) GetProjectDomain ¶
func (token *TokenCredentialV3) GetProjectDomain() string
func (*TokenCredentialV3) GetProjectDomainId ¶
func (token *TokenCredentialV3) GetProjectDomainId() string
func (*TokenCredentialV3) GetProjectId ¶
func (token *TokenCredentialV3) GetProjectId() string
func (*TokenCredentialV3) GetProjectName ¶
func (token *TokenCredentialV3) GetProjectName() string
func (*TokenCredentialV3) GetRegions ¶
func (this *TokenCredentialV3) GetRegions() []string
func (*TokenCredentialV3) GetRoleIds ¶
func (token *TokenCredentialV3) GetRoleIds() []string
func (*TokenCredentialV3) GetRoles ¶
func (token *TokenCredentialV3) GetRoles() []string
func (*TokenCredentialV3) GetServiceCatalog ¶
func (this *TokenCredentialV3) GetServiceCatalog() IServiceCatalog
func (*TokenCredentialV3) GetServicesByInterface ¶
func (this *TokenCredentialV3) GetServicesByInterface(region string, infType string) []ExternalService
func (*TokenCredentialV3) GetTenantId ¶
func (token *TokenCredentialV3) GetTenantId() string
func (*TokenCredentialV3) GetTenantName ¶
func (token *TokenCredentialV3) GetTenantName() string
func (*TokenCredentialV3) GetTokenString ¶
func (token *TokenCredentialV3) GetTokenString() string
func (*TokenCredentialV3) GetUserId ¶
func (token *TokenCredentialV3) GetUserId() string
func (*TokenCredentialV3) GetUserName ¶
func (token *TokenCredentialV3) GetUserName() string
func (*TokenCredentialV3) HasSystemAdminPrivilege ¶
func (this *TokenCredentialV3) HasSystemAdminPrivilege() bool
func (*TokenCredentialV3) IsAdmin ¶
func (this *TokenCredentialV3) IsAdmin() bool
func (*TokenCredentialV3) IsAllow ¶
func (this *TokenCredentialV3) IsAllow(scope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult
func (*TokenCredentialV3) IsValid ¶
func (this *TokenCredentialV3) IsValid() bool
func (*TokenCredentialV3) IsZero ¶
func (self *TokenCredentialV3) IsZero() bool
func (*TokenCredentialV3) Len ¶
func (this *TokenCredentialV3) Len() int
func (*TokenCredentialV3) String ¶
func (self *TokenCredentialV3) String() string
func (*TokenCredentialV3) ToJson ¶
func (self *TokenCredentialV3) ToJson() jsonutils.JSONObject
func (*TokenCredentialV3) ValidDuration ¶
func (this *TokenCredentialV3) ValidDuration() time.Duration
type TokenManager ¶
type TokenManager interface { Save(token TokenCredential) string Get(tid string) TokenCredential Remove(tid string) }
func NewMapTokenManager ¶
func NewMapTokenManager() TokenManager
Source Files ¶
Click to show internal directories.
Click to hide internal directories.