identity

package
v0.3.11-8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 12, 2024 License: Apache-2.0 Imports: 10 Imported by: 53

Documentation

Index

Constants

// Default project name and the credential type identifiers declared by this
// package.
const (
	// DEFAULT_PROJECT is the literal project name "default".
	DEFAULT_PROJECT = "default"

	// Credential type strings. Judging by their names, several of these label
	// secret material (access key/secret pairs, TOTP, recovery secrets,
	// encryption keys).
	// NOTE(review): presumably compared against the Type field of credential
	// records — confirm against the callers. ACCESS_SECRET_TYPE carries the
	// same string ("aksk") as AUTH_METHOD_AKSK.
	ACCESS_SECRET_TYPE    = "aksk"
	TOTP_TYPE             = "totp"
	RECOVERY_SECRETS_TYPE = "recovery_secret"
	OIDC_CREDENTIAL_TYPE  = "oidc"
	ENCRYPT_KEY_TYPE      = "enc_key"
)
// Query scope values "one" and "sub".
// NOTE(review): presumably directory-search scopes (single level vs. subtree)
// — confirm against the LDAP driver.
const (
	QueryScopeOne = "one"
	// NOTE(review): the identifier is spelled QUeryScopeSub (capital U). It is
	// exported, so renaming it would break importers; a correctly spelled alias
	// could be declared alongside it instead.
	QUeryScopeSub = "sub"
)
// Identity provider template names. The suffix of each value names the
// protocol family it belongs to (LDAP directories, SAML, OIDC, OAuth2).
// NOTE(review): presumably matched against the Template field of an identity
// provider — confirm against the callers.
const (
	// LDAP-style directory templates.
	IdpTemplateMSSingleDomain       = "msad_one_domain"
	IdpTemplateMSMultiDomain        = "msad_multi_domain"
	IdpTemplateOpenLDAPSingleDomain = "openldap_one_domain"

	// SAML templates.
	IdpTemplateSAMLTest    = "samltest_saml"
	IdpTemplateAzureADSAML = "azure_ad_saml"

	// OIDC templates.
	IdpTemplateDex         = "dex_oidc"
	IdpTemplateGithub      = "github_oidc"
	IdpTemplateAzureOAuth2 = "azure_oidc"
	IdpTemplateGoogle      = "google_oidc"

	// OAuth2 templates.
	IdpTemplateAlipay   = "alipay_oauth2"
	IdpTemplateWechat   = "wechat_oauth2"
	IdpTemplateDingtalk = "dingtalk_oauth2"
	IdpTemplateFeishu   = "feishu_oauth2"
	IdpTemplateQywechat = "qywechat_oauth2"
	IdpTemplateBingoIAM = "bingoiam_oauth2"
)
// Core identity-service constants: service type, default domain and identity
// provider IDs, built-in administrator names, authentication method names,
// token header names, assignment kinds, endpoint interfaces, identity drivers
// with their statuses, and synchronisation settings.
const (
	SERVICE_TYPE = apis.SERVICE_TYPE_KEYSTONE

	// ID and name of the default domain.
	DEFAULT_DOMAIN_ID   = "default"
	DEFAULT_DOMAIN_NAME = "Default"

	DefaultRemoteDomainId = "default_domain"

	// The default identity provider shares its ID with the default domain.
	DEFAULT_IDP_ID = DEFAULT_DOMAIN_ID

	// Names of the built-in administrator user, project and role.
	SystemAdminUser    = "sysadmin"
	SystemAdminProject = "system"
	SystemAdminRole    = "admin"

	// Authentication method names.
	AUTH_METHOD_PASSWORD = "password"
	AUTH_METHOD_TOKEN    = "token"
	AUTH_METHOD_AKSK     = "aksk"
	AUTH_METHOD_CAS      = "cas"
	AUTH_METHOD_SAML     = "saml"
	AUTH_METHOD_OIDC     = "oidc"
	AUTH_METHOD_OAuth2   = "oauth2"
	AUTH_METHOD_VERIFY   = "verify"

	// HTTP header names for tokens.
	// NOTE(review): values sent in these headers are authentication tokens;
	// confirm that request logging and tracing redact them.
	AUTH_TOKEN_HEADER         = "X-Auth-Token"
	AUTH_SUBJECT_TOKEN_HEADER = "X-Subject-Token"

	// Role assignment kinds: actor (user or group) paired with target
	// (project or domain).
	AssignmentUserProject  = "UserProject"
	AssignmentGroupProject = "GroupProject"
	AssignmentUserDomain   = "UserDomain"
	AssignmentGroupDomain  = "GroupDomain"

	// Endpoint interface names.
	EndpointInterfacePublic   = "public"
	EndpointInterfaceInternal = "internal"
	EndpointInterfaceAdmin    = "admin"
	EndpointInterfaceConsole  = "console"

	EndpointInterfaceApigateway = "apigateway"

	KeystoneDomainRoot = "<<keystone.domain.root>>"

	// Entity kinds used in ID mappings.
	IdMappingEntityUser   = "user"
	IdMappingEntityGroup  = "group"
	IdMappingEntityDomain = "domain"

	// Identity driver names.
	IdentityDriverSQL    = "sql"
	IdentityDriverLDAP   = "ldap"
	IdentityDriverCAS    = "cas"
	IdentityDriverSAML   = "saml"
	IdentityDriverOIDC   = "oidc"   // OpenID Connect
	IdentityDriverOAuth2 = "oauth2" // OAuth2.0

	// Identity driver status values.
	IdentityDriverStatusConnected    = "connected"
	IdentityDriverStatusDisconnected = "disconnected"
	IdentityDriverStatusDeleting     = "deleting"
	IdentityDriverStatusDeleteFailed = "delete_fail"

	// Identity provider sync modes.
	IdentityProviderSyncLocal  = "local"
	IdentityProviderSyncFull   = "full"
	IdentityProviderSyncOnAuth = "auth"

	// Identity sync status values.
	IdentitySyncStatusQueued  = "queued"
	IdentitySyncStatusSyncing = "syncing"
	IdentitySyncStatusIdle    = "idle"

	MinimalSyncIntervalSeconds = 5 * 60 // 5 minutes

	// NOTE(review): the unit (bytes vs. encoded characters) is not visible
	// here — confirm where the token is generated.
	AUTH_TOKEN_LENGTH = 64
)
// Fernet key usage labels: one for tokens, one for credentials.
// NOTE(review): presumably stored in SFernetKey.Type so that token keys and
// credential-encryption keys are kept as separate key sets — confirm.
const (
	FernetKeyForToken      = "token"
	FernetKeyForCredential = "credential"
)
// Tag update policy values: add, remove or replace.
// NOTE(review): presumably the accepted values of
// PolicyUpdateInput.TagUpdatePolicy — confirm against the handler.
const (
	TAG_UPDATE_POLICY_ADD     = "add"
	TAG_UPDATE_POLICY_REMOVE  = "remove"
	TAG_UPDATE_POLICY_REPLACE = "replace"
)
// Azure cloud environment names.
const (
	AZURE_CLOUD_ENV_CHINA  = "china"
	AZURE_CLOUD_ENV_GLOBAL = "global"
)
// Organization label syntax and organization status values.
const (
	// Separator between the segments of an organization label.
	// NOTE(review): presumably the separator used by JoinLabels and
	// SplitLabel — their bodies are not shown here.
	OrganizationLabelSeparator = "/"

	// Sentinel parent value for the root organization node.
	OrganizationRootParent = "<-root-org-node->"

	OrganizationStatusInit       = "init"
	OrganizationStatusReady      = "ready"
	OrganizationStatusSync       = "sync"
	OrganizationStatusSyncFailed = "sync_failed"
)
// Organization types, as typed TOrgType values: project, domain and object.
const (
	OrgTypeProject = TOrgType("project")
	OrgTypeDomain  = TOrgType("domain")
	OrgTypeObject  = TOrgType("object")
)
// Table name and singular/plural resource type names for identity providers.
const (
	IDENTITY_PROVIDER_TABLE          = "identity_provider"
	IDENTITY_PROVIDER_RESOURCE_TYPE  = "identity_provider"
	IDENTITY_PROVIDER_RESOURCE_TYPES = "identity_providers"
)
// Actions for setting the policies of a role. The default is replace.
const (
	ROLE_SET_POLICY_ACTION_REPLACE = "replace"
	ROLE_SET_POLICY_ACTION_UPDATE  = "update"
	// Default action: identical to ROLE_SET_POLICY_ACTION_REPLACE.
	ROLE_SET_POLICY_ACTION_DEFAULT = ROLE_SET_POLICY_ACTION_REPLACE
)
// Password reset hint values.
// NOTE(review): presumably the reason a user is asked to change a password
// (reset by an administrator, or expired) — confirm against the callers.
const (
	PasswordResetHintAdminReset = "admin_reset"
	PasswordResetHintExpire     = "expire"
)

Variables

// Package-level lists and option maps. All of them are exported, mutable
// slices or maps, so any importer can change them at runtime; treat them as
// read-only.
var (
	// AUTH_METHODS lists the password, token, aksk and cas methods.
	// NOTE(review): AUTH_METHOD_SAML, AUTH_METHOD_OIDC, AUTH_METHOD_OAuth2 and
	// AUTH_METHOD_VERIFY are declared in this package but are not in this
	// list — confirm that is intended wherever the list is used for validation.
	AUTH_METHODS = []string{AUTH_METHOD_PASSWORD, AUTH_METHOD_TOKEN, AUTH_METHOD_AKSK, AUTH_METHOD_CAS}

	// PASSWORD_PROTECTED_IDPS lists the sql and ldap identity drivers.
	// NOTE(review): presumably the drivers whose users authenticate with a
	// password — confirm.
	PASSWORD_PROTECTED_IDPS = []string{
		IdentityDriverSQL,
		IdentityDriverLDAP,
	}

	// SensitiveDomainConfigMap maps a config group to option names; the only
	// entry is the "password" option of the "ldap" group.
	// NOTE(review): presumably these options are masked when domain configs
	// are returned. Secret-bearing options of other drivers are not listed,
	// so confirm none of them are exposed unmasked.
	SensitiveDomainConfigMap = map[string][]string{
		"ldap": {
			"password",
		},
	}

	// CommonWhitelistOptionMap lists option names under the "default" group.
	// NOTE(review): presumably the options allowed in the shared (common)
	// service config — confirm.
	CommonWhitelistOptionMap = map[string][]string{
		"default": {
			"enable_quota_check",
			"default_quota_value",
			"non_default_domain_projects",
			"time_zone",
			"domainized_namespace",
			"api_server",
			"customized_private_prefixes",
			"global_http_proxy",
			"global_https_proxy",
			"ignore_nonrunning_guests",
			"platform_name",
			"enable_cloud_shell",
			"platform_names",
			"enable_change_owner_auto_rename",
		},
	}

	// ServiceBlacklistOptionMap lists option names under the "default" group.
	// The list includes credential and key-material options (admin_password,
	// etcd_password, sql_connection, ssl_keyfile, etcd_key,
	// fernet_key_repository, bootstrap_admin_user_password, ...).
	// NOTE(review): presumably options that must not be stored in or served
	// from the service config API. As a deny-list it only protects names that
	// are listed: a new secret-bearing option has to be added here explicitly.
	ServiceBlacklistOptionMap = map[string][]string{
		"default": {

			"help",
			"version",
			"config",
			"pid_file",

			"region",
			"application_id",
			"log_level",
			"log_verbose_level",
			"temp_path",
			"address",
			"port",
			"port_v2",
			"admin_port",
			"notify_admin_users",
			"session_endpoint_type",
			"admin_password",
			"admin_project",
			"admin_project_domain",
			"admin_user",
			"admin_domain",
			"auth_url",
			"enable_ssl",
			"ssl_certfile",
			"ssl_keyfile",
			"ssl_ca_certs",

			"is_slave_node",
			"config_sync_period_seconds",
			"enable_app_profiling",

			"sql_connection",
			"clickhouse",
			"ops_log_with_clickhouse",
			"db_checksum_skip_init",
			"db_checksum_tables",
			"enable_db_checksum_tables",
			"db_checksum_hash_algorithm",
			"auto_sync_table",
			"exit_after_db_init",
			"global_virtual_resource_namespace",
			"debug_sqlchemy",
			"lockman_method",
			"etcd_lock_prefix",
			"etcd_lock_ttl",
			"etcd_endpoints",
			"etcd_username",
			"etcd_password",
			"etcd_use_tls",
			"etcd_skip_tls_verify",
			"etcd_cacert",
			"etcd_cert",
			"etcd_key",
			"splitable_max_duration_hours",
			"splitable_max_keep_segments",
			"ops_log_max_keep_months",

			"disable_local_vpc",

			"bootstrap_admin_user_password",
			"reset_admin_user_password",
			"fernet_key_repository",

			"listen_interface",
			"access_address",
			"listen_address",
			"tftp_root",

			"baremetals_path",

			"ipmi_lan_port_shared",
			"zone",
			"dhcp_lease_time",
			"dhcp_renewal_time",
			"enable_general_guest_dhcp",
			"force_dhcp_probe_ipmi",
			"tftp_block_size_in_bytes",
			"tftp_max_timeout_retries",
			"enable_grub_tftp_download",
			"lengthy_worker_count",
			"short_worker_count",

			"cache_path",
			"enable_pxe_boot",
			"boot_iso_path",

			"deploy_server_socket_path",
			"enable_remote_executor",
			"executor_socket_path",

			"running_mode",
		},
	}
)
var (
	// OrganizationTypes lists the three declared organization types:
	// project, domain and object.
	// NOTE(review): presumably the set checked by IsValidOrgType — its body is
	// not shown here. The slice is exported and mutable; treat it as read-only.
	OrganizationTypes = []TOrgType{
		OrgTypeProject,
		OrgTypeDomain,
		OrgTypeObject,
	}
)

Functions

func IsValidLabel

func IsValidLabel(val string) bool

func IsValidOrgType

func IsValidOrgType(orgType TOrgType) bool

func JoinLabels

func JoinLabels(seg ...string) string

func MergeServiceConfigOptions

func MergeServiceConfigOptions(opts ...map[string][]string) map[string][]string

func SplitLabel

func SplitLabel(label string) []string

Types

type CertificateDetails

// CertificateDetails holds a certificate's name and ID together with a CA
// certificate and a CA private key, all as strings.
type CertificateDetails struct {
	apis.SCertificateResourceBase
	CertName string `json:"cert_name"`
	CertId   string `json:"cert_id"`

	CaCertificate string `json:"ca_certificate"`
	// CA private key, serialised under "ca_private_key". This struct is
	// embedded in EndpointDetails, so the key is part of that output shape.
	// NOTE(review): confirm which callers are authorised to receive this
	// field and that it is not written to logs.
	CaPrivateKey  string `json:"ca_private_key"`
}

type CredentialCreateInput

// CredentialCreateInput carries the fields for creating a credential: its
// type, the owning project and user, and the credential blob.
type CredentialCreateInput struct {
	apis.StandaloneResourceCreateInput

	// Credential type.
	// NOTE(review): presumably one of the *_TYPE constants of this package
	// (e.g. ACCESS_SECRET_TYPE) — confirm.
	Type string `json:"type"`

	ProjectId string `json:"project_id"`

	UserId string `json:"user_id"`

	// Credential payload as supplied by the caller.
	Blob string `json:"blob"`

	// Ignore
	// NOTE(review): marked "Ignore" but still decoded from "encrypted_blob";
	// presumably populated server-side — confirm that a client-supplied value
	// is discarded.
	EncryptedBlob string `json:"encrypted_blob"`

	// Ignore
	// NOTE(review): same as EncryptedBlob — confirm that a client-supplied
	// "key_hash" is discarded.
	KeyHash string `json:"key_hash"`
}

type CredentialDetails

// CredentialDetails is the detail view of a credential: the stored
// SCredential plus the blob, user name and domain information.
type CredentialDetails struct {
	apis.StandaloneResourceDetails
	SCredential

	// Credential blob, serialised under "blob".
	// NOTE(review): if this holds the decrypted secret, confirm that only the
	// credential's owner (or an administrator) can read it and that it is
	// never logged.
	Blob     string `json:"blob"`
	User     string `json:"user"`
	Domain   string `json:"domain"`
	DomainId string `json:"domain_id"`
}

type CredentialListInput

// CredentialListInput holds the filters for listing credentials: user and
// project filters, credential types and the enabled flag.
type CredentialListInput struct {
	apis.StandaloneResourceListInput

	UserFilterListInput
	ProjectFilterListInput

	// Credential types to match.
	Type []string `json:"type"`

	// Enabled filter; a pointer so that "unset" differs from false.
	Enabled *bool `json:"enabled"`
}

type CredentialUpdateInput

// CredentialUpdateInput carries the updatable fields of a credential; besides
// the embedded base fields that is only the enabled flag.
type CredentialUpdateInput struct {
	apis.StandaloneResourceBaseUpdateInput

	// enabled
	Enabled *bool `json:"enabled"`
}

type DomainCreateInput

// DomainCreateInput carries the fields for creating a domain.
type DomainCreateInput struct {
	apis.StandaloneResourceCreateInput

	// Display name.
	Displayname string `json:"displayname"`

	// Whether the domain is enabled.
	Enabled *bool `json:"enabled"`
}

type DomainDetails

// DomainDetails is the detail view of a domain: the stored SDomain plus
// identity provider information, usage counters and external resource
// statistics.
type DomainDetails struct {
	apis.StandaloneResourceDetails
	IdpResourceInfo

	SDomain

	DomainUsage

	// Statistics of the external resources that belong to this domain.
	ExternalResourceInfo
}

type DomainListInput

// DomainListInput holds the filters for listing domains.
type DomainListInput struct {
	apis.StandaloneResourceListInput

	// Enabled filter; a pointer so that "unset" differs from false.
	Enabled *bool `json:"enabled"`

	// Filter by identity provider (IDP).
	IdpId string `json:"idp_id"`

	// Filter by IDP_ENTITY_ID.
	IdpEntityId string `json:"idp_entity_id"`

	// domain tags filter imposed by policy
	// NOTE(review): the field is decoded from the "policy_domain_tags" JSON
	// key like any other input; confirm the server overwrites it from the
	// caller's policy rather than trusting a client-supplied value.
	PolicyDomainTags tagutils.TTagSetList `json:"policy_domain_tags"`
}

type DomainUpdateInput

// DomainUpdateInput carries the updatable fields of a domain.
type DomainUpdateInput struct {
	apis.StandaloneResourceBaseUpdateInput

	// Display name.
	Displayname string `json:"displayname"`

	// Whether the domain is enabled.
	Enabled *bool `json:"enabled"`
}

type DomainUsage

// DomainUsage holds per-domain object counters.
type DomainUsage struct {
	// Number of users that belong to the domain.
	UserCount int `json:"user_count"`
	// Number of user groups that belong to the domain.
	GroupCount int `json:"group_count"`
	// Number of projects that belong to the domain.
	ProjectCount int `json:"project_count"`
	// Number of roles that belong to the domain.
	RoleCount int `json:"role_count"`
	// Number of policies that belong to the domain.
	PolicyCount int `json:"policy_count"`
	// Number of identity providers that belong to the domain.
	IdpCount int `json:"idp_count"`
}

type EnabledIdentityBaseResourceCreateInput

// EnabledIdentityBaseResourceCreateInput extends
// IdentityBaseResourceCreateInput with an optional enabled flag.
type EnabledIdentityBaseResourceCreateInput struct {
	IdentityBaseResourceCreateInput

	// Enabled flag; a pointer so that "unset" differs from false.
	Enabled *bool `json:"enabled"`
}

type EnabledIdentityBaseResourceDetails

// EnabledIdentityBaseResourceDetails wraps IdentityBaseResourceDetails and
// adds no fields of its own.
type EnabledIdentityBaseResourceDetails struct {
	IdentityBaseResourceDetails
}

type EnabledIdentityBaseUpdateInput

// EnabledIdentityBaseUpdateInput extends IdentityBaseUpdateInput with an
// optional enabled flag.
type EnabledIdentityBaseUpdateInput struct {
	IdentityBaseUpdateInput

	// Whether the resource is enabled.
	Enabled *bool `json:"enabled"`
}

type EndpointDetails

// EndpointDetails is the detail view of an endpoint: the stored SEndpoint,
// certificate details, and the name and type of the service it belongs to.
type EndpointDetails struct {
	apis.StandaloneResourceDetails
	SEndpoint
	// Embedded certificate details, including the CaPrivateKey field
	// ("ca_private_key").
	// NOTE(review): confirm that endpoint listings only return the key to
	// callers that need it.
	CertificateDetails

	// Service name, e.g. keystone, glance, region.
	ServiceName string `json:"service_name"`

	// Service type, e.g. identity, image, compute.
	ServiceType string `json:"service_type"`
}

type EndpointListInput

// EndpointListInput holds the filters for listing endpoints.
type EndpointListInput struct {
	apis.StandaloneResourceListInput

	ServiceFilterListInput
	RegionFilterListInput

	// Filter by endpoint interface type. Possible values: internal,
	// internalURL, public, publicURL, admin, adminURL, console.
	Interface string `json:"interface"`

	// Whether the endpoint is enabled.
	Enabled *bool `json:"enabled"`
}

type ExternalResourceInfo

// ExternalResourceInfo holds external resource statistics and the times of
// their last and next refresh.
type ExternalResourceInfo struct {
	// External resource statistics (resource category: count).
	ExtResource map[string]int `json:"ext_resource"`
	// Time the external resource statistics were last updated.
	ExtResourcesLastUpdate time.Time `json:"ext_resources_last_update"`
	// Time the external resource statistics are next due to be updated.
	ExtResourcesNextUpdate time.Time `json:"ext_resources_next_update"`
}

type GetIdpSamlMetadataInput

// GetIdpSamlMetadataInput is the input for fetching the SAML SP metadata of
// an identity provider.
type GetIdpSamlMetadataInput struct {
	// Whether to indent (pretty-print) the SAML SP metadata.
	Pretty *bool `json:"pretty"`
	// AssertionConsumer callback URL
	// NOTE(review): caller-supplied; confirm the handler validates it before
	// embedding it in the generated metadata.
	RedirectUri string `json:"redirect_uri"`
}

type GetIdpSamlMetadataOutput

// GetIdpSamlMetadataOutput returns the SAML SP metadata document as a string.
type GetIdpSamlMetadataOutput struct {
	// SAML 2.0 SP metadata
	Metadata string `json:"metadata"`
}

type GetIdpSsoCallbackUriInput

// GetIdpSsoCallbackUriInput is the input for resolving the SSO callback URI
// of an identity provider.
type GetIdpSsoCallbackUriInput struct {
	// SSO callback address.
	// NOTE(review): caller-supplied; confirm the handler validates it against
	// the addresses the deployment expects.
	RedirectUri string `json:"redirect_uri"`
}

type GetIdpSsoCallbackUriOutput

// GetIdpSsoCallbackUriOutput returns the SSO callback address together with
// the driver name.
type GetIdpSsoCallbackUriOutput struct {
	// SSO callback address.
	RedirectUri string `json:"redirect_uri"`
	// Driver
	Driver string `json:"driver"`
}

type GetIdpSsoRedirectUriInput

// GetIdpSsoRedirectUriInput is the input for building the SSO redirect URI of
// an identity provider.
type GetIdpSsoRedirectUriInput struct {
	// SSO callback address.
	// NOTE(review): caller-supplied; confirm the handler checks it against an
	// allowlist so it cannot point the login flow at an unexpected host.
	RedirectUri string `json:"redirect_uri"`
	// SSO state information.
	// NOTE(review): confirm the value is unpredictable and verified on the
	// callback, as is usual for an SSO state parameter.
	State string `json:"state"`
}

type GetIdpSsoRedirectUriOutput

// GetIdpSsoRedirectUriOutput returns the SSO redirect URI together with the
// driver name.
type GetIdpSsoRedirectUriOutput struct {
	// SSO redirect URI.
	Uri string `json:"uri"`
	// Driver
	Driver string `json:"driver"`
}

type GroupCreateInput

// GroupCreateInput carries the fields for creating a user group.
type GroupCreateInput struct {
	IdentityBaseResourceCreateInput

	// display name
	Displayname string `json:"displayname"`
}

type GroupDetails

// GroupDetails is the detail view of a user group: the stored SGroup plus
// identity provider information and user/project counters.
type GroupDetails struct {
	IdentityBaseResourceDetails

	IdpResourceInfo

	SGroup

	// Number of users.
	UserCount int `json:"user_count"`
	// Number of projects.
	ProjectCount int `json:"project_count"`
}

type GroupFilterListInput

// GroupFilterListInput holds the group-related list filters. The
// group_domain and group keys are deprecated in favour of group_domain_id and
// group_id, as recorded in their yunion-deprecated-by tags.
type GroupFilterListInput struct {
	// Domain the group belongs to.
	GroupDomainId string `json:"group_domain_id"`
	// swagger:ignore
	// Deprecated
	GroupDomain string `json:"group_domain" yunion-deprecated-by:"group_domain_id"`

	// filter by group
	GroupId string `json:"group_id"`
	// swagger:ignore
	// Deprecated
	// filter by group_id
	Group string `json:"group" yunion-deprecated-by:"group_id"`
}

type GroupListInput

// GroupListInput holds the filters for listing user groups.
type GroupListInput struct {
	IdentityBaseResourceListInput

	UserFilterListInput
	ProjectFilterListInput

	// Filter by display name.
	Displayname string `json:"displayname"`

	// Filter by identity provider (IDP).
	IdpId string `json:"idp_id"`
}

type GroupUpdateInput

// GroupUpdateInput carries the updatable fields of a user group.
type GroupUpdateInput struct {
	IdentityBaseUpdateInput

	// display name
	Displayname string `json:"displayname"`
}

type IRbacIdentityWithUserId

// IRbacIdentityWithUserId extends rbacutils.IRbacIdentity with access to the
// identity's user ID.
type IRbacIdentityWithUserId interface {
	rbacutils.IRbacIdentity

	// GetUserId returns the user ID as a string.
	GetUserId() string
}

type IdentityBaseResourceDetails

// IdentityBaseResourceDetails combines the standalone resource details with
// domain information; it adds no fields of its own.
type IdentityBaseResourceDetails struct {
	apis.StandaloneResourceDetails

	apis.DomainizedResourceInfo
}

type IdentityBaseUpdateInput

// IdentityBaseUpdateInput wraps apis.StandaloneResourceBaseUpdateInput and
// adds no fields of its own.
type IdentityBaseUpdateInput struct {
	apis.StandaloneResourceBaseUpdateInput
}

type IdentityProviderCreateInput

// IdentityProviderCreateInput carries the fields for creating an identity
// provider: driver and template, owner and target domains, automatic
// provisioning switches, sync interval, driver configuration and icon.
type IdentityProviderCreateInput struct {
	apis.EnabledStatusStandaloneResourceCreateInput

	// Backend driver name.
	Driver string `json:"driver" ignore:"true"`

	// Template name.
	Template string `json:"template" ignore:"true"`

	// Owner domain.
	OwnerDomainId string `json:"owner_domain_id"`

	// Default domain into which users and groups are imported.
	TargetDomainId string `json:"target_domain_id"`
	// swagger:ignore
	// Deprecated
	TargetDomain string `json:"target_domain" yunion-deprecated-by:"target_domain_id"`

	// Whether to automatically create the first project when a new domain is
	// created.
	AutoCreateProject *bool `json:"auto_create_project"`
	// Whether to automatically create the user when the user does not exist.
	// NOTE(review): with this enabled, any identity the external provider
	// asserts gets a local account; confirm the default when the field is
	// unset and which roles such accounts receive.
	AutoCreateUser *bool `json:"auto_create_user"`

	// Automatic sync interval, in seconds.
	// NOTE(review): presumably bounded below by MinimalSyncIntervalSeconds —
	// confirm in the validation code.
	SyncIntervalSeconds *int `json:"sync_interval_seconds"`

	// Configuration.
	// NOTE(review): driver configuration can contain secrets (the "ldap"
	// group's "password" option is listed in SensitiveDomainConfigMap);
	// confirm it is not logged verbatim.
	Config TConfigs `json:"config" ignore:"true"`

	// Icon URL.
	IconUri string `json:"icon_uri"`
}

type IdentityProviderDetails

// IdentityProviderDetails is the detail view of an identity provider: the
// stored SIdentityProvider plus the target domain name and counters
// aggregated over all domains associated with the provider.
type IdentityProviderDetails struct {
	apis.EnabledStatusStandaloneResourceDetails
	apis.DomainizedResourceInfo

	// Sync period for the identity provider's account information.
	SyncIntervalSeconds int `json:"sync_interval_seconds"`

	// Name of the identity provider's target domain.
	TargetDomain string `json:"target_domain"`

	// Number of roles in all domains associated with this identity provider.
	RoleCount int `json:"role_count,allowempty"`

	// Number of users in all domains associated with this identity provider.
	UserCount int `json:"user_count,allowempty"`

	// Number of policies in all domains associated with this identity
	// provider.
	PolicyCount int `json:"policy_count,allowempty"`

	// Number of domains associated with this identity provider.
	DomainCount int `json:"domain_count,allowempty"`

	// Number of projects in all domains associated with this identity
	// provider.
	ProjectCount int `json:"project_count,allowempty"`

	// Number of groups in all domains associated with this identity provider.
	GroupCount int `json:"group_count,allowempty"`

	SIdentityProvider
}

type IdentityProviderListInput

// IdentityProviderListInput holds the filters for listing identity providers.
type IdentityProviderListInput struct {
	apis.EnabledStatusStandaloneResourceListInput

	apis.DomainizedResourceListInput

	// Filter by driver type.
	Driver []string `json:"driver"`

	// Filter by template.
	Template []string `json:"template"`

	// Filter by sync status.
	SyncStatus []string `json:"sync_status"`

	// Filter identity providers that support SSO. If the value is "all", every
	// global identity provider is listed; otherwise the domain identity
	// providers whose SSO domain is the given domain ID are listed.
	// example: all
	SsoDomain string `json:"sso_domain"`

	// Filters on the automatic provisioning switches; pointers so that
	// "unset" differs from false.
	AutoCreateProject *bool `json:"auto_create_project"`
	AutoCreateUser    *bool `json:"auto_create_user"`
}

type IdentityProviderUpdateInput

// IdentityProviderUpdateInput carries the updatable fields of an identity
// provider.
type IdentityProviderUpdateInput struct {
	apis.EnabledStatusStandaloneResourceBaseUpdateInput

	// Whether to automatically create the project when the project a user
	// would join after authentication does not exist.
	AutoCreateProject *bool `json:"auto_create_project"`
	// Whether to automatically create the user when the authenticated user
	// does not exist.
	// NOTE(review): turning this on widens who can obtain a local account to
	// everyone the external provider authenticates; confirm the change is
	// audited.
	AutoCreateUser *bool `json:"auto_create_user"`

	// Sync interval in seconds.
	// NOTE(review): presumably bounded below by MinimalSyncIntervalSeconds —
	// confirm in the validation code.
	SyncIntervalSeconds *int `json:"sync_interval_seconds"`

	// Icon URL.
	IconUri string `json:"icon_uri"`
}

type IdpResourceInfo

// IdpResourceInfo describes the identity provider a resource came from.
type IdpResourceInfo struct {
	// Identity provider ID.
	IdpId string `json:"idp_id"`

	// Identity provider name.
	Idp string `json:"idp"`

	// Original ID of this resource in the identity provider.
	IdpEntityId string `json:"idp_entity_id"`

	// Identity provider type, e.g. sql, cas, ldap.
	IdpDriver string `json:"idp_driver"`

	// Whether this is an SSO login method.
	IsSso bool `json:"is_sso"`

	// Identity provider template.
	Template string `json:"template"`
}

type OrganizationCreateInput

// OrganizationCreateInput carries the fields for creating an organization:
// its type, level and keys.
type OrganizationCreateInput struct {
	EnabledIdentityBaseResourceCreateInput
	apis.SharableResourceBaseCreateInput
	apis.StatusBaseResourceCreateInput

	// Organization type.
	// NOTE(review): presumably one of the OrgType* constants — confirm it is
	// validated with IsValidOrgType.
	Type TOrgType `json:"type"`

	// swagger: ignore
	Level int `json:"level,omitzero"`

	// key
	Key []string `json:"key"`

	// keys
	// swagger: ignore
	Keys string `json:"keys"`
}

type OrganizationNodeListInput

// OrganizationNodeListInput holds the filters for listing organization nodes.
type OrganizationNodeListInput struct {
	apis.StandaloneResourceListInput

	OrgId string `json:"org_id"`

	OrgType TOrgType `json:"org_type"`

	Level int `json:"level"`

	// NOTE(review): the three policy_* fields below are decoded from JSON
	// like any other input; confirm the server overwrites them from the
	// caller's policy rather than trusting client-supplied values.

	// domain tags filter imposed by policy
	PolicyDomainTags tagutils.TTagSetList `json:"policy_domain_tags"`
	// project tags filter imposed by policy
	PolicyProjectTags tagutils.TTagSetList `json:"policy_project_tags"`
	// object tags filter imposed by policy
	PolicyObjectTags tagutils.TTagSetList `json:"policy_object_tags"`
}

type OrganizationNodePerformBindInput

// OrganizationNodePerformBindInput names the targets to bind to an
// organization node and their resource type.
type OrganizationNodePerformBindInput struct {
	// IDs of the targets to bind.
	TargetId []string `json:"target_id"`

	// Resource type of the targets.
	ResourceType string `json:"resource_type"`
}

type OrganizationNodeUpdateInput

// OrganizationNodeUpdateInput carries the updatable fields of an organization
// node; besides the embedded base fields that is only the weight.
type OrganizationNodeUpdateInput struct {
	apis.StandaloneResourceBaseUpdateInput

	// Node weight; a pointer so that "unset" differs from zero.
	Weight *int `json:"weight"`
}

type OrganizationPerformAddLevelsInput

// OrganizationPerformAddLevelsInput carries the keys to add to an
// organization together with the embedded node fields.
type OrganizationPerformAddLevelsInput struct {
	Key []string `json:"key" help:"add keys"`

	OrganizationPerformAddNodeInput
}

type OrganizationPerformAddNodeInput

// OrganizationPerformAddNodeInput describes a node to add to an organization:
// its tags, weight and description.
// NOTE(review): the fields carry no json tags, so their wire names depend on
// the marshaller's defaults — confirm against the API clients.
type OrganizationPerformAddNodeInput struct {
	Tags        map[string]string
	Weight      int
	Description string
}

type OrganizationPerformCleanInput

// OrganizationPerformCleanInput is an empty input struct; it has no fields.
type OrganizationPerformCleanInput struct {
}

type OrganizationPerformSyncInput

// OrganizationPerformSyncInput names the resource type to sync and an
// optional reset flag.
// NOTE(review): the fields carry no json tags, so their wire names depend on
// the marshaller's defaults — confirm against the API clients.
type OrganizationPerformSyncInput struct {
	ResourceType string

	// Reset flag; a pointer so that "unset" differs from false.
	Reset *bool
}

type OrganizationUpdateInput

// OrganizationUpdateInput wraps EnabledIdentityBaseUpdateInput and adds no
// fields of its own.
type OrganizationUpdateInput struct {
	EnabledIdentityBaseUpdateInput
}

type PerformConfigInput

// PerformConfigInput carries a configuration change: the action to apply and
// the configuration payload.
type PerformConfigInput struct {
	// How the configuration is updated.
	// example: update
	//
	// | action  |  meaning                                                    |
	// |---------|-------------------------------------------------------------|
	// | update  | incrementally update the configuration                      |
	// | remove  | delete the specified configuration                          |
	// | replace | replace the whole configuration; the default if action is empty |
	//
	// NOTE(review): because an empty action means replace, a request that
	// omits it overwrites the whole configuration; callers doing partial
	// updates must set action explicitly.
	Action string `json:"action"`

	// Configuration.
	Config TConfigs `json:"config"`
}

type PerformDefaultSsoInput

// PerformDefaultSsoInput toggles the default SSO setting; the help text of
// the field reads "enable default sso".
type PerformDefaultSsoInput struct {
	Enable *bool `json:"enable" help:"enable default sso" negative:"disable"`
}

type PerformGroupAddUsersInput

// PerformGroupAddUsersInput lists the users to add to a group. The user key
// is deprecated in favour of user_ids.
type PerformGroupAddUsersInput struct {
	// List of users to add (ID or name).
	UserIds []string `json:"user_ids"`
	// Deprecated
	// swagger:ignore
	User []string `json:"user" yunion-deprecated-by:"user_ids"`
}

type PerformGroupRemoveUsersInput

// PerformGroupRemoveUsersInput lists the users to remove from a group. The
// user key is deprecated in favour of user_ids.
type PerformGroupRemoveUsersInput struct {
	// List of users to remove (ID or name).
	UserIds []string `json:"user_ids"`
	// Deprecated
	// swagger:ignore
	User []string `json:"user" yunion-deprecated-by:"user_ids"`
}

type PolicyBindRoleInput

// PolicyBindRoleInput binds a policy to a role, optionally restricted to a
// project, a list of IPs and a validity window.
type PolicyBindRoleInput struct {
	// Role ID.
	RoleId string `json:"role_id"`
	// Project ID.
	ProjectId string `json:"project_id"`
	// IP allowlist.
	// NOTE(review): confirm how an empty list is interpreted (no restriction
	// vs. no access) and the accepted entry format.
	Ips []string `json:"ips"`
	// Time from which the permission is valid.
	ValidSince time.Time `json:"valid_since"`
	// Time until which the permission is valid.
	// NOTE(review): confirm how the zero time.Time is interpreted for both
	// bounds; an unset ValidUntil presumably means no expiry.
	ValidUntil time.Time `json:"valid_until"`
}

type PolicyCreateInput

// PolicyCreateInput carries the fields for creating a policy: the policy
// document, its scope, the system flag and the tag selectors.
type PolicyCreateInput struct {
	EnabledIdentityBaseResourceCreateInput
	apis.SharableResourceBaseCreateInput

	// Deprecated
	// swagger:ignore
	Type string `json:"type"`

	// policy
	Blob jsonutils.JSONObject `json:"blob"`

	// Effective scope: project|domain|system.
	Scope rbacscope.TRbacScope `json:"scope"`

	// Whether this is a system policy.
	// NOTE(review): confirm that only sufficiently privileged callers can set
	// this flag or create policies with system scope.
	IsSystem *bool `json:"is_system"`

	PolicyTagInput
}

type PolicyListInput

// PolicyListInput holds the filters for listing policies. The role key is
// deprecated in favour of role_id.
type PolicyListInput struct {
	EnabledIdentityBaseResourceListInput
	apis.SharableResourceBaseListInput

	// Query by type.
	Type []string `json:"type"`

	// Whether to show system policies.
	IsSystem *bool `json:"is_system"`

	// filter policies by role id
	RoleId string `json:"role_id"`
	// swagger: ignore
	// Deprecated
	Role string `json:"role" yunion-deprecated-by:"role_id"`
}

type PolicyTagInput

// PolicyTagInput holds the tag selectors and organization nodes a policy
// applies to.
type PolicyTagInput struct {
	// Resource (object) tags to match.
	ObjectTags tagutils.TTagSet `json:"object_tags,allowempty"`
	// Project tags to match.
	ProjectTags tagutils.TTagSet `json:"project_tags,allowempty"`
	// Domain tags to match.
	DomainTags tagutils.TTagSet `json:"domain_tags,allowempty"`

	// Organization node IDs.
	OrgNodeId []string `json:"org_node_id,allowempty"`
}

type PolicyUpdateInput

// PolicyUpdateInput carries the updatable fields of a policy: the policy
// document, its scope, the system flag, the tag selectors and how those tags
// are merged.
type PolicyUpdateInput struct {
	EnabledIdentityBaseUpdateInput

	// Deprecated
	// swagger:ignore
	Type string `json:"type"`

	// Policy content.
	Blob jsonutils.JSONObject `json:"blob"`

	// Effective scope: project|domain|system.
	Scope rbacscope.TRbacScope `json:"scope"`

	// Whether this is a system policy.
	// NOTE(review): confirm that only sufficiently privileged callers can
	// change this flag or raise the scope of an existing policy.
	IsSystem *bool `json:"is_system"`

	PolicyTagInput

	// Policy tag update policy. The original comment gives the possible
	// values as add|remove|remove with add as the default.
	// NOTE(review): "remove" is listed twice there; the TAG_UPDATE_POLICY_*
	// constants of this package define add, remove and replace, so the third
	// value is presumably replace — confirm against the handler.
	TagUpdatePolicy string `json:"tag_update_policy"`
}

type ProjectCleanInput

// ProjectCleanInput is an empty input struct; it has no fields.
type ProjectCleanInput struct {
}

type ProjectCreateInput

// ProjectCreateInput carries the fields for creating a project.
type ProjectCreateInput struct {
	IdentityBaseResourceCreateInput

	// Display name.
	Displayname string `json:"displayname"`
}

type ProjectDetails

// ProjectDetails is the detail view of a project: the stored SProject plus
// its administrator, membership counters, external resource statistics and
// organization.
type ProjectDetails struct {
	IdentityBaseResourceDetails

	SProject

	// Name of the project administrator.
	Admin string `json:"admin"`
	// Domain ID of the project administrator.
	AdminDomainId string `json:"admin_domain_id"`
	// Domain name of the project administrator.
	AdminDomain string `json:"admin_domain"`

	// Number of user groups that joined the project.
	GroupCount int `json:"group_count"`
	// Number of users that joined the project.
	UserCount int `json:"user_count"`

	// Statistics of the external resources that belong to this project.
	ExternalResourceInfo

	// Organization of the project; a pointer, so it may be nil. The field has
	// no json tag.
	Organization *SProjectOrganization
}

type ProjectFilterListInput

// ProjectFilterListInput holds the project-related list filters. The
// project_domain key is deprecated in favour of project_domain_id; the
// project, tenant and tenant_id keys are deprecated in favour of project_id.
type ProjectFilterListInput struct {
	// Domain the project belongs to.
	ProjectDomainId string `json:"project_domain_id"`
	// swagger:ignore
	// Deprecated
	ProjectDomain string `json:"project_domain" yunion-deprecated-by:"project_domain_id"`

	// Filter list results by project (ID or name).
	ProjectId string `json:"project_id"`
	// swagger:ignore
	// Deprecated
	// filter by project_id
	Project string `json:"project" yunion-deprecated-by:"project_id"`
	// swagger:ignore
	// Deprecated
	// filter by tenant
	Tenant string `json:"tenant" yunion-deprecated-by:"project_id"`
	// swagger:ignore
	// Deprecated
	// filter by tenant_id
	TenantId string `json:"tenant_id" yunion-deprecated-by:"project_id"`
}

type ProjectListInput

// ProjectListInput holds the filters for listing projects.
type ProjectListInput struct {
	IdentityBaseResourceListInput

	UserFilterListInput
	GroupFilterListInput

	// filter projects by Identity Provider
	IdpId string `json:"idp_id"`

	// Filter the projects that the specified user or group can join.
	Jointable *bool `json:"jointable"`

	// project tags filter imposed by policy
	// NOTE(review): decoded from the "policy_project_tags" JSON key like any
	// other input; confirm the server overwrites it from the caller's policy
	// rather than trusting a client-supplied value.
	PolicyProjectTags tagutils.TTagSetList `json:"policy_project_tags"`

	// Filter by project administrator ID.
	AdminId []string `json:"admin_id"`
}

type ProjectUpdateInput

// ProjectUpdateInput carries the updatable fields of a project.
type ProjectUpdateInput struct {
	IdentityBaseUpdateInput

	// Display name.
	Displayname string `json:"displayname"`
}

type RAInputObject

// RAInputObject identifies an object by ID. It is the element type of the
// user, group, role and scope fields of RoleAssignmentsInput.
type RAInputObject struct {
	Id string `json:"id"`
}

type RegionDetails

// RegionDetails is the detail view of a region: the stored SRegion plus the
// number of endpoints.
type RegionDetails struct {
	apis.StandaloneResourceDetails
	SRegion

	// Number of endpoints.
	EndpointCount int `json:"endpoint_count"`
}

type RegionFilterListInput

// RegionFilterListInput holds the region list filter. The region key is
// deprecated in favour of region_id.
type RegionFilterListInput struct {
	// Filter by region name or ID.
	RegionId string `json:"region_id"`
	// swagger:ignore
	// Deprecated
	Region string `json:"region" yunion-deprecated-by:"region_id"`
}

type RegionListInput

// RegionListInput wraps apis.StandaloneResourceListInput and adds no filters
// of its own.
type RegionListInput struct {
	apis.StandaloneResourceListInput
}

type ResetCredentialInput

// ResetCredentialInput names the type of credential to reset.
type ResetCredentialInput struct {
	// Type of the secret.
	// NOTE(review): presumably one of the *_TYPE credential constants of this
	// package — confirm that unknown values are rejected and that resets are
	// audited.
	Type string `json:"type"`
}

type RoleAssignmentsInput

// RoleAssignmentsInput holds the filters and paging parameters for querying
// role assignments. Filters can be given as single objects (user, group,
// role, scope) or as lists of strings.
type RoleAssignmentsInput struct {
	// Single-object filters, each identified by ID.
	User  RAInputObject `json:"user"`
	Group RAInputObject `json:"group"`
	Role  RAInputObject `json:"role"`

	// Scope filter: a project or a domain, each identified by ID.
	Scope struct {
		Project RAInputObject `json:"project"`
		Domain  RAInputObject `json:"domain"`
	} `json:"scope"`

	// List filters.
	Users    []string `json:"users"`
	Groups   []string `json:"groups"`
	Roles    []string `json:"roles"`
	Projects []string `json:"projects"`
	Domains  []string `json:"domains"`

	ProjectDomainId string   `json:"project_domain_id"`
	ProjectDomains  []string `json:"project_domains"`

	// Output switches; pointers so that "unset" differs from false.
	IncludeNames    *bool `json:"include_names"`
	Effective       *bool `json:"effective"`
	IncludeSubtree  *bool `json:"include_subtree"`
	IncludeSystem   *bool `json:"include_system"`
	IncludePolicies *bool `json:"include_policies"`

	// Paging parameters.
	// NOTE(review): confirm the server applies an upper bound when limit is
	// unset or very large.
	Limit  *int `json:"limit"`
	Offset *int `json:"offset"`
}

type RoleAssignmentsOutput

// RoleAssignmentsOutput is one page of role assignments together with the
// total count and the paging parameters.
type RoleAssignmentsOutput struct {
	RoleAssignments []SRoleAssignment `json:"role_assignments,allowempty"`

	Total  int64 `json:"total"`
	Limit  int   `json:"limit"`
	Offset int   `json:"offset"`
}

type RoleDetails

// RoleDetails is the detail view of a role: the stored SRole plus usage
// counters and the names of the policies attached to it.
type RoleDetails struct {
	IdentityBaseResourceDetails
	apis.SharableResourceBaseInfo

	SRole

	// Number of users that have this role.
	UserCount int `json:"user_count"`
	// Number of user groups that have this role.
	GroupCount int `json:"group_count"`
	// Number of projects in which users or groups hold this role.
	ProjectCount int `json:"project_count"`

	// Names of the policies matched by this role.
	MatchPolicies []string `json:"match_policies"`

	// Policy names grouped by scope level.
	Policies map[rbacscope.TRbacScope][]string `json:"policies"`
}

type RoleFilterListInput

// RoleFilterListInput holds the role-related list filters. The role_domain
// and role keys are deprecated in favour of role_domain_id and role_id.
type RoleFilterListInput struct {
	// Domain the role belongs to.
	RoleDomainId string `json:"role_domain_id"`
	// swagger:ignore
	// Deprecated
	RoleDomain string `json:"role_domain" yunion-deprecated-by:"role_domain_id"`

	// filter by role
	RoleId string `json:"role_id"`
	// swagger:ignore
	// Deprecated
	// filter by role_id
	Role string `json:"role" yunion-deprecated-by:"role_id"`
}

type RolePerformAddPolicyInput

// RolePerformAddPolicyInput attaches a policy to a role, optionally
// restricted to a project, a list of IPs and a validity window.
type RolePerformAddPolicyInput struct {
	PolicyId  string   `json:"policy_id"`
	ProjectId string   `json:"project_id"`
	// NOTE(review): confirm how an empty list is interpreted (no restriction
	// vs. no access) and the accepted entry format.
	Ips       []string `json:"ips"`

	// Validity window of the binding.
	// NOTE(review): confirm how the zero time.Time is interpreted for either
	// bound.
	ValidSince time.Time `json:"valid_since"`
	ValidUntil time.Time `json:"valid_until"`
}

type RolePerformRemovePolicyInput

// RolePerformRemovePolicyInput identifies the policy binding to remove from a
// role by policy ID and project ID.
type RolePerformRemovePolicyInput struct {
	PolicyId  string `json:"policy_id"`
	ProjectId string `json:"project_id"`
}

type RolePerformSetPoliciesInput

// RolePerformSetPoliciesInput sets the policies of a role in one call.
type RolePerformSetPoliciesInput struct {
	// Action: replace|update, default replace.
	// NOTE(review): because the default is replace, a request that omits
	// action drops every existing binding not listed in Policies; callers
	// adding a single policy must send action=update.
	Action string `json:"action"`
	// List of policies.
	Policies []RolePerformAddPolicyInput `json:"policies"`
}

type RolePolicyDetails

// RolePolicyDetails is the detail view of a role–policy binding: the stored
// SRolePolicy plus the ID, name, role, project, policy, scope and
// description, all serialised as strings except the scope.
type RolePolicyDetails struct {
	apis.ResourceBaseDetails

	Id string `json:"id"`

	Name string `json:"name"`

	Role string `json:"role"`

	Project string `json:"project"`

	Policy string `json:"policy"`

	Scope rbacscope.TRbacScope `json:"scope"`

	Description string `json:"description"`

	SRolePolicy
}

type RolePolicyListInput

// RolePolicyListInput holds the filters for listing role–policy bindings.
type RolePolicyListInput struct {
	apis.ResourceBaseListInput

	// Role IDs to match.
	RoleIds []string `json:"role_ids"`

	ProjectId string `json:"project_id"`

	PolicyId string `json:"policy_id"`

	// NOTE(review): the meaning of this flag is not visible here — confirm
	// against the list handler.
	Auth *bool `json:"auth"`
}

type RoleUpdateInput

// RoleUpdateInput wraps IdentityBaseUpdateInput and adds no fields of its
// own.
type RoleUpdateInput struct {
	IdentityBaseUpdateInput
}

type SAccessKeySecretBlob

// SAccessKeySecretBlob holds the secret half of an access key together with
// its expiry value.
type SAccessKeySecretBlob struct {
	// Secret value, serialised under "secret".
	// NOTE(review): any code that marshals or logs this struct emits the
	// secret in clear text; confirm it is only serialised into the encrypted
	// credential blob or returned to the credential's owner.
	Secret string `json:"secret"`
	// Expiry value.
	// NOTE(review): presumably a Unix timestamp checked by IsValid, with zero
	// meaning no expiry — the method body is not shown here.
	Expire int64  `json:"expire"`
}

func (SAccessKeySecretBlob) IsValid

func (info SAccessKeySecretBlob) IsValid() bool

type SAccessKeySecretInfo

// SAccessKeySecretInfo pairs an access key with its SAccessKeySecretBlob
// (secret and expiry). The AccessKey field has no json tag.
type SAccessKeySecretInfo struct {
	AccessKey string
	SAccessKeySecretBlob
}

type SAssignment

// SAssignment records the assignment of a role to an actor (user or group)
// on a target (project or domain).
type SAssignment struct {
	apis.SResourceBase
	// Association type, one of four: 'UserProject', 'GroupProject',
	// 'UserDomain', 'GroupDomain'.
	Type string `json:"type"`
	// User or user group ID.
	ActorId string `json:"actor_id"`
	// Project or domain ID.
	TargetId string `json:"target_id"`
	// Role ID.
	RoleId    string `json:"role_id"`
	// Inherited flag; omitted from JSON when nil.
	Inherited *bool  `json:"inherited,omitempty"`
}

SAssignment is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SAssignment.

type SCASIdpConfigOptions

// SCASIdpConfigOptions holds the configuration of a CAS identity provider:
// the CAS server URL, a set of deprecated CAS-specific attribute options and
// the embedded SIdpAttributeOptions.
//
// NOTE(review): the second tag on four of the deprecated fields is written as
// "deprecated-by":"..." with a quoted key, which is not the conventional
// key:"value" struct-tag syntax, so reflect.StructTag lookups stop after the
// json tag and never see it (go vet's structtag check reports this form).
// One of them is additionally misspelled "deprected-by". Other structs in
// this package use yunion-deprecated-by:"..." instead. Whether switching to
// that form is safe depends on how the decoder maps the old options onto the
// embedded ones — confirm before changing the tags.
type SCASIdpConfigOptions struct {
	// https://cas.example.org/cas/
	CASServerURL string `json:"cas_server_url"`

	// Deprecated
	CasProjectAttribute string `json:"cas_project_attribute" "deprecated-by":"project_attribute"`
	// Deprecated
	AutoCreateCasProject tristate.TriState `json:"auto_create_cas_project"`
	// Deprecated
	DefaultCasProjectId string `json:"default_cas_project_id" "deprecated-by":"default_project_id"`
	// Deprecated
	CasRoleAttribute string `json:"cas_role_attribute" "deprected-by":"role_attribute"`
	// Deprecated
	DefaultCasRoleId string `json:"default_cas_role_id" "deprecated-by":"default_role_id"`

	SIdpAttributeOptions
}

type SConfigOption

// SConfigOption is one stored configuration option: the resource it belongs
// to, its group and option name, and its JSON value.
type SConfigOption struct {
	apis.SResourceBase
	apis.SRecordChecksumResourceBase
	ResType string               `json:"res_type"`
	// Serialised under "domain_id", not "res_id".
	ResId   string               `json:"domain_id"`
	Group   string               `json:"group"`
	Option  string               `json:"option"`
	// Option value.
	// NOTE(review): for options named in SensitiveDomainConfigMap (the ldap
	// password) this value is a secret; confirm it is masked wherever this
	// struct is returned or logged.
	Value   jsonutils.JSONObject `json:"value"`
}

SConfigOption is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SConfigOption.

type SCredential

// SCredential is the stored form of a credential: owner user and project,
// type, key hash, extra data, the encrypted blob and the enabled flag.
type SCredential struct {
	apis.SStandaloneResourceBase
	UserId        string              `json:"user_id"`
	ProjectId     string              `json:"project_id"`
	Type          string              `json:"type"`
	// NOTE(review): presumably identifies the key used to produce
	// EncryptedBlob — confirm.
	KeyHash       string              `json:"key_hash"`
	Extra         *jsonutils.JSONDict `json:"extra"`
	// Encrypted credential payload, serialised under "encrypted_blob".
	// NOTE(review): the struct is embedded in CredentialDetails, so the
	// ciphertext is part of that output shape; confirm that is intended.
	EncryptedBlob string              `json:"encrypted_blob"`
	Enabled       *bool               `json:"enabled,omitempty"`
}

SCredential is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SCredential.

type SDomain

// SDomain is the stored form of a domain.
type SDomain struct {
	apis.SStandaloneResourceBase
	apis.SPendingDeletedBase
	// Extra information.
	Extra *jsonutils.JSONDict `json:"extra"`
	// Whether this domain is enabled.
	Enabled *bool `json:"enabled,omitempty"`
	// Whether this record is a domain.
	IsDomain *bool  `json:"is_domain,omitempty"`
	DomainId string `json:"domain_id"`
	ParentId string `json:"parent_id"`
	AdminId  string `json:"admin_id"`
}

SDomain is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SDomain.

type SDomainObject

// SDomainObject is an identity object (ID and name) together with the
// identity object of the domain it belongs to.
type SDomainObject struct {
	SIdentityObject

	// Owner domain information.
	Domain SIdentityObject `json:"domain"`
}

type SDomainObjectWithMetadata

// SDomainObjectWithMetadata extends SDomainObject with a metadata map.
type SDomainObjectWithMetadata struct {
	SDomainObject

	// Tag information.
	Metadata map[string]string `json:"metadata"`
}

type SEnabledIdentityBaseResource

// SEnabledIdentityBaseResource combines SIdentityBaseResource with
// apis.SEnabledResourceBase; it adds no fields of its own.
type SEnabledIdentityBaseResource struct {
	SIdentityBaseResource
	apis.SEnabledResourceBase
}

SEnabledIdentityBaseResource is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SEnabledIdentityBaseResource.

type SEndpoint

// SEndpoint is the stored form of a service endpoint: its interface, owning
// service and region, URL, enabled flag and service certificate reference.
type SEndpoint struct {
	apis.SStandaloneResourceBase
	LegacyEndpointId     string              `json:"legacy_endpoint_id"`
	// NOTE(review): presumably one of the EndpointInterface* constants —
	// confirm.
	Interface            string              `json:"interface"`
	ServiceId            string              `json:"service_id"`
	Url                  string              `json:"url"`
	Extra                *jsonutils.JSONDict `json:"extra"`
	Enabled              *bool               `json:"enabled,omitempty"`
	RegionId             string              `json:"region_id"`
	ServiceCertificateId string              `json:"service_certificate_id"`
}

SEndpoint is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SEndpoint.

type SFederatedUser

// SFederatedUser links a local user to its identity at an identity provider:
// the provider and protocol IDs, the unique ID and the display name.
type SFederatedUser struct {
	apis.SResourceBase
	Id          int    `json:"id"`
	UserId      string `json:"user_id"`
	IdpId       string `json:"idp_id"`
	ProtocolId  string `json:"protocol_id"`
	// NOTE(review): presumably the user's identifier at the identity provider
	// — confirm.
	UniqueId    string `json:"unique_id"`
	DisplayName string `json:"display_name"`
}

SFederatedUser is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SFederatedUser.

type SFederationProtocol

// SFederationProtocol ties a protocol ID to an identity provider and a
// mapping.
type SFederationProtocol struct {
	Id        string `json:"id"`
	IdpId     string `json:"idp_id"`
	MappingId string `json:"mapping_id"`
}

SFederationProtocol is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SFederationProtocol.

type SFernetKey

// SFernetKey is one stored Fernet key: its type, its index and the key value.
type SFernetKey struct {
	// NOTE(review): presumably FernetKeyForToken or FernetKeyForCredential —
	// confirm.
	Type  string `json:"type"`
	Index int    `json:"index"`
	// Key value, serialised under "key".
	// NOTE(review): this is key material; confirm the struct is never
	// returned by an API or written to logs.
	Key   string `json:"key"`
}

SFernetKey is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SFernetKey.

type SFetchDomainObject

// SFetchDomainObject is an identity object (ID and name) with the name and ID
// of its owner domain as flat string fields.
type SFetchDomainObject struct {
	SIdentityObject
	// Owner domain name.
	Domain string `json:"domain"`
	// Owner domain ID.
	DomainId string `json:"domain_id"`
}

type SFetchDomainObjectWithMetadata

// SFetchDomainObjectWithMetadata extends SFetchDomainObject with a
// string-to-string metadata map.
type SFetchDomainObjectWithMetadata struct {
	SFetchDomainObject

	// Project tags
	Metadata map[string]string `json:"metadata"`
}

type SGroup

// SGroup is a user group: SIdentityBaseResource plus a display name.
type SGroup struct {
	SIdentityBaseResource
	// Display name of the user group
	Displayname string `json:"displayname"`
}

SGroup is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SGroup.

type SGroupRole

// SGroupRole pairs a group with a role. Neither field has a json tag.
// It is the element type of SProjectRemoveUserGroupInput.GroupRoles.
type SGroupRole struct {
	Group string
	Role  string
}

type SIdentityBaseResource

// SIdentityBaseResource combines the standalone, domainized and
// pending-deleted base types from package apis and adds a free-form Extra
// dictionary.
type SIdentityBaseResource struct {
	apis.SStandaloneResourceBase
	apis.SDomainizedResourceBase
	apis.SPendingDeletedBase
	// Extra information
	Extra *jsonutils.JSONDict `json:"extra"`
}

SIdentityBaseResource is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SIdentityBaseResource.

type SIdentityObject

// SIdentityObject is the minimal (Id, Name) pair embedded by
// SFetchDomainObject and used for the domain in SRoleAssignment.Scope.
type SIdentityObject struct {
	// UUID
	Id string `json:"id"`
	// Name
	Name string `json:"name"`
}

type SIdentityProvider

// SIdentityProvider holds an identity-provider record: driver and template
// names, the target domain, auto-provisioning switches, sync bookkeeping
// (status, error count, timestamps, interval) and SSO presentation flags.
//
// AutoCreateProject, AutoCreateUser, IsSso and IsDefault are *bool with
// omitempty, so nil is omitted from the JSON and is distinguishable from false.
// NOTE(review): AutoCreateUser and AutoCreateProject presumably let a
// successful external login or sync provision local objects; which roles such
// objects receive is not visible here and should be reviewed with
// SIdpAttributeOptions.DefaultRoleId — confirm.
type SIdentityProvider struct {
	apis.SEnabledStatusStandaloneResourceBase
	apis.SDomainizedResourceBase
	Driver         string `json:"driver"`
	Template       string `json:"template"`
	TargetDomainId string `json:"target_domain_id"`
	// Whether to create projects automatically
	AutoCreateProject *bool `json:"auto_create_project,omitempty"`
	// Whether to create users automatically
	AutoCreateUser *bool     `json:"auto_create_user,omitempty"`
	ErrorCount     int       `json:"error_count"`
	SyncStatus     string    `json:"sync_status"`
	LastSync       time.Time `json:"last_sync"`
	// = Column(DateTime, nullable=True)
	LastSyncEndAt       time.Time `json:"last_sync_end_at"`
	SyncIntervalSeconds int       `json:"sync_interval_seconds"`
	// Icon of the identity provider
	IconUri string `json:"icon_uri"`
	// Whether this provider is an SSO login method
	IsSso *bool `json:"is_sso,omitempty"`
	// Whether this provider is the default SSO login method
	IsDefault *bool `json:"is_default,omitempty"`
}

SIdentityProvider is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SIdentityProvider.

type SIdmapping

// SIdmapping maps a public ID to an entity at an identity provider.
//
// The json keys do not match the Go field names: IdpId is serialized as
// "domain_id" and IdpEntityId as "local_id". Code that reads or writes the
// JSON form must use those keys, and "domain_id" here is an identity-provider
// ID rather than a domain ID.
type SIdmapping struct {
	apis.SResourceBase
	PublicId    string `json:"public_id"`
	IdpId       string `json:"domain_id"`
	IdpEntityId string `json:"local_id"`
	EntityType  string `json:"entity_type"`
}

SIdmapping is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SIdmapping.

type SIdpAttributeOptions

// SIdpAttributeOptions names the attributes to read for domain, user,
// project and roles, plus a default project ID and default role ID. It is
// embedded by the OAuth2, OIDC and SAML config option structs in this package.
// An Update method is declared on *SIdpAttributeOptions; its signature and
// body are not shown here.
//
// The Go field UserDisplaynameAttribtue is misspelled, but its json key
// "user_displayname_attribute" is spelled correctly.
// NOTE(review): ProjectAttribute and RolesAttribute presumably let values
// asserted by the external provider select the local project and roles, and
// DefaultRoleId the fallback role; review these for least privilege — confirm.
type SIdpAttributeOptions struct {
	DomainNameAttribute string `json:"domain_name_attribute"`
	DomainIdAttribute   string `json:"domain_id_attribute"`

	UserNameAttribute string `json:"user_name_attribute"`
	UserIdAttribute   string `json:"user_id_attribute"`

	UserDisplaynameAttribtue string `json:"user_displayname_attribute"`
	UserEmailAttribute       string `json:"user_email_attribute"`
	UserMobileAttribute      string `json:"user_mobile_attribute"`

	ProjectAttribute string `json:"project_attribute"`
	RolesAttribute   string `json:"roles_attribute"`

	DefaultProjectId string `json:"default_project_id"`
	DefaultRoleId    string `json:"default_role_id"`
}

func (*SIdpAttributeOptions) Update

type SIdpRemoteIds

// SIdpRemoteIds pairs an identity-provider ID with a remote ID.
type SIdpRemoteIds struct {
	IdpId    string `json:"idp_id"`
	RemoteId string `json:"remote_id"`
}

SIdpRemoteIds is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SIdpRemoteIds.

type SImpliedRole

// SImpliedRole pairs a prior role ID with an implied role ID.
// NOTE(review): presumably holding the prior role also grants the implied
// role; such chains widen effective privileges and belong in access reviews —
// confirm.
type SImpliedRole struct {
	PriorRoleId   string `json:"prior_role_id"`
	ImpliedRoleId string `json:"implied_role_id"`
}

SImpliedRole is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SImpliedRole.

type SJoinProjectsInput

// SJoinProjectsInput carries a list of projects and a list of roles.
// A Validate method is declared on this type; its body is not shown here.
type SJoinProjectsInput struct {
	Projects []string `json:"projects"`
	Roles    []string `json:"roles"`
	// Enable the user; only takes effect when the user is disabled.
	// This field has no json tag.
	Enabled bool
}

func (SJoinProjectsInput) Validate

func (input SJoinProjectsInput) Validate() error

type SLDAPIdpConfigBaseOptions

// SLDAPIdpConfigBaseOptions is the connection part shared by the single- and
// multi-domain LDAP option structs: server URL, suffix, user and password,
// all tagged required:"true", plus DisableUserOnImport.
//
// NOTE(review): Password is a plain string under json key "password",
// presumably the LDAP bind password; check that it is redacted wherever the
// config is returned or logged — confirm.
// NOTE(review): Url does not constrain the scheme; whether ldaps:// or
// StartTLS is required must be enforced by the consumer — confirm.
type SLDAPIdpConfigBaseOptions struct {
	Url      string `json:"url,omitempty" help:"LDAP server URL" required:"true"`
	Suffix   string `json:"suffix,omitempty" required:"true"`
	User     string `json:"user,omitempty" required:"true"`
	Password string `json:"password,omitempty" required:"true"`

	DisableUserOnImport bool `json:"disable_user_on_import"`
}

type SLDAPIdpConfigMultiDomainOptions

// SLDAPIdpConfigMultiDomainOptions extends SLDAPIdpConfigBaseOptions with the
// required base distinguished name of the domain tree.
type SLDAPIdpConfigMultiDomainOptions struct {
	SLDAPIdpConfigBaseOptions

	DomainTreeDN string `json:"domain_tree_dn,omitempty" help:"Base domain tree distinguished name" required:"true"`
}

type SLDAPIdpConfigOptions

// SLDAPIdpConfigOptions is the flat option set for an LDAP identity provider:
// connection settings (Url, Suffix, User, Password) followed by tree DN,
// filter, object class, attribute-name and query-scope options for domains,
// users and groups. The query-scope fields are tagged choices:"one|sub".
//
// Unlike SLDAPIdpConfigBaseOptions, User and Password carry no
// required:"true" tag here.
// NOTE(review): with User and Password optional, an anonymous bind is
// presumably possible; confirm that is intended for the deployment.
// NOTE(review): Password is a plain string under json key "password"; check
// that it is redacted wherever the config is returned or logged — confirm.
// NOTE(review): Url does not constrain the scheme; whether ldaps:// or
// StartTLS is required must be enforced by the consumer — confirm.
// NOTE(review): DomainFilter, UserFilter and GroupFilter are raw strings,
// presumably LDAP search filters; verify that request-supplied values are
// escaped before being combined with them.
type SLDAPIdpConfigOptions struct {
	Url        string `json:"url,omitempty" help:"LDAP server URL" required:"true"`
	Suffix     string `json:"suffix,omitempty" required:"true"`
	QueryScope string `json:"query_scope,omitempty" help:"Query scope" choices:"one|sub"`

	User     string `json:"user,omitempty"`
	Password string `json:"password,omitempty"`

	DisableUserOnImport bool `json:"disable_user_on_import"`

	DomainTreeDN        string `json:"domain_tree_dn,omitempty" help:"Domain tree root node dn(distinguished name)"`
	DomainFilter        string `json:"domain_filter,omitempty"`
	DomainObjectclass   string `json:"domain_objectclass,omitempty"`
	DomainIdAttribute   string `json:"domain_id_attribute,omitempty"`
	DomainNameAttribute string `json:"domain_name_attribute,omitempty"`
	DomainQueryScope    string `json:"domain_query_scope,omitempty" help:"Query scope" choices:"one|sub"`

	UserTreeDN              string   `json:"user_tree_dn,omitempty" help:"User tree distinguished name"`
	UserFilter              string   `json:"user_filter,omitempty"`
	UserObjectclass         string   `json:"user_objectclass,omitempty"`
	UserIdAttribute         string   `json:"user_id_attribute,omitempty"`
	UserNameAttribute       string   `json:"user_name_attribute,omitempty"`
	UserEnabledAttribute    string   `json:"user_enabled_attribute,omitempty"`
	UserEnabledMask         int64    `json:"user_enabled_mask,allowzero" default:"-1"`
	UserEnabledDefault      string   `json:"user_enabled_default,omitempty"`
	UserEnabledInvert       bool     `json:"user_enabled_invert,allowfalse"`
	UserAdditionalAttribute []string `json:"user_additional_attribute_mapping,omitempty" token:"user_additional_attribute"`
	UserQueryScope          string   `json:"user_query_scope,omitempty" help:"Query scope" choices:"one|sub"`

	GroupTreeDN          string `json:"group_tree_dn,omitempty" help:"Group tree distinguished name"`
	GroupFilter          string `json:"group_filter,omitempty"`
	GroupObjectclass     string `json:"group_objectclass,omitempty"`
	GroupIdAttribute     string `json:"group_id_attribute,omitempty"`
	GroupNameAttribute   string `json:"group_name_attribute,omitempty"`
	GroupMemberAttribute string `json:"group_member_attribute,omitempty"`
	GroupMembersAreIds   bool   `json:"group_members_are_ids,allowfalse"`
	GroupQueryScope      string `json:"group_query_scope,omitempty" help:"Query scope" choices:"one|sub"`
}

type SLDAPIdpConfigSingleDomainOptions

// SLDAPIdpConfigSingleDomainOptions extends SLDAPIdpConfigBaseOptions with
// the required base distinguished names of the user tree and the group tree.
type SLDAPIdpConfigSingleDomainOptions struct {
	SLDAPIdpConfigBaseOptions

	UserTreeDN  string `json:"user_tree_dn,omitempty" help:"Base user tree distinguished name" required:"true"`
	GroupTreeDN string `json:"group_tree_dn,omitempty" help:"Base group tree distinguished name" required:"true"`
}

type SLeaveProjectsInput

// SLeaveProjectsInput carries a list of (project, role) pairs.
// A Validate method is declared on this type; its body is not shown here.
type SLeaveProjectsInput struct {
	ProjectRoles []SProjectRole `json:"project_roles"`
}

func (SLeaveProjectsInput) Validate

func (input SLeaveProjectsInput) Validate() error

type SLocalUser

// SLocalUser holds a local user record: numeric ID, user and domain IDs,
// name, a failed-authentication counter and password-reset state.
//
// NeedResetPassword is a *bool with omitempty, so nil is omitted from the JSON.
// NOTE(review): FailedAuthCount presumably drives lockout or throttling;
// where it is incremented and reset is not visible here — confirm.
type SLocalUser struct {
	apis.SResourceBase
	Id                int    `json:"id"`
	UserId            string `json:"user_id"`
	DomainId          string `json:"domain_id"`
	Name              string `json:"name"`
	FailedAuthCount   int    `json:"failed_auth_count"`
	NeedResetPassword *bool  `json:"need_reset_password,omitempty"`
	ResetHint         string `json:"reset_hint"`
}

SLocalUser is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SLocalUser.

type SNonlocalUser

// SNonlocalUser holds a domain ID, a name and a user ID.
type SNonlocalUser struct {
	DomainId string `json:"domain_id"`
	Name     string `json:"name"`
	UserId   string `json:"user_id"`
}

SNonlocalUser is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SNonlocalUser.

type SOAuth2IdpConfigOptions

// SOAuth2IdpConfigOptions holds the application ID and secret for an OAuth2
// identity provider, together with the shared attribute options.
//
// NOTE(review): Secret is a plain string under json key "secret" with no
// omitempty; check that it is redacted wherever the config is returned or
// logged — confirm.
type SOAuth2IdpConfigOptions struct {
	AppId  string `json:"app_id"`
	Secret string `json:"secret"`

	SIdpAttributeOptions
}

OAuth2.0

type SOIDCAzureConfigOptions

// SOIDCAzureConfigOptions holds client ID, client secret, tenant ID and cloud
// environment for the Azure OIDC template, together with the shared attribute
// options.
//
// NOTE(review): ClientSecret is a plain string under json key
// "client_secret"; check that it is redacted wherever the config is returned
// or logged — confirm.
type SOIDCAzureConfigOptions struct {
	ClientId     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
	TenantId     string `json:"tenant_id"`
	CloudEnv     string `json:"cloud_env"`

	SIdpAttributeOptions
}

type SOIDCDexConfigOptions

// SOIDCDexConfigOptions holds client ID, client secret and endpoint for the
// Dex OIDC template, together with the shared attribute options.
//
// NOTE(review): ClientSecret is a plain string under json key
// "client_secret"; check that it is redacted wherever the config is returned
// or logged — confirm.
// NOTE(review): Endpoint is presumably contacted server-side; confirm that
// its scheme and host are validated before use.
type SOIDCDexConfigOptions struct {
	ClientId     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
	Endpoint     string `json:"endpoint"`

	SIdpAttributeOptions
}

type SOIDCGithubConfigOptions

// SOIDCGithubConfigOptions holds client ID and client secret for the GitHub
// OIDC template, together with the shared attribute options.
//
// NOTE(review): ClientSecret is a plain string under json key
// "client_secret"; check that it is redacted wherever the config is returned
// or logged — confirm.
type SOIDCGithubConfigOptions struct {
	ClientId     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`

	SIdpAttributeOptions
}

type SOIDCGoogleConfigOptions

// SOIDCGoogleConfigOptions holds client ID and client secret for the Google
// OIDC template, together with the shared attribute options.
//
// NOTE(review): ClientSecret is a plain string under json key
// "client_secret"; check that it is redacted wherever the config is returned
// or logged — confirm.
type SOIDCGoogleConfigOptions struct {
	ClientId     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`

	SIdpAttributeOptions
}

type SOIDCIdpConfigOptions

// SOIDCIdpConfigOptions holds the settings for a generic OpenID Connect
// identity provider: client credentials, requested scopes, the endpoint and
// the individual auth/token/userinfo URLs, a timeout in seconds, and the
// shared attribute options.
//
// NOTE(review): ClientSecret is a plain string under json key
// "client_secret"; check that it is redacted wherever the config is returned
// or logged — confirm.
// NOTE(review): Endpoint, AuthUrl, TokenUrl and UserinfoUrl are free-form
// strings, some of them presumably fetched server-side; confirm that scheme
// (https) and host are validated before use.
// NOTE(review): TimeoutSecs has no default visible here; what a zero value
// means is decided by the consumer — confirm.
type SOIDCIdpConfigOptions struct {
	ClientId     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`

	Scopes []string `json:"scopes"`

	Endpoint    string `json:"endpoint"`
	AuthUrl     string `json:"auth_url"`
	TokenUrl    string `json:"token_url"`
	UserinfoUrl string `json:"userinfo_url"`

	TimeoutSecs int `json:"timeout_secs"`

	SIdpAttributeOptions
}

OpenID Connect Config Options

type SOrganization

// SOrganization holds an organization record: the enabled identity base
// resource plus sharable and status bases, with a type, a keys string and a
// level.
// Keys is a single string here, whereas SOrganizationInfo.Keys and
// SProjectOrganization.Keys are string slices.
type SOrganization struct {
	SEnabledIdentityBaseResource
	apis.SSharableBaseResource
	apis.SStatusResourceBase
	Type  string `json:"type"`
	Keys  string `json:"keys"`
	Level int    `json:"level"`
}

SOrganization is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SOrganization.

type SOrganizationDetails

SOrganizationDetails is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SOrganizationDetails.

type SOrganizationInfo

// SOrganizationInfo carries a list of keys and a tag map.
// IsZero and String methods are declared on *SOrganizationInfo; their bodies
// are not shown here.
//
// The json key for Keys is "levels", not "keys".
type SOrganizationInfo struct {
	Keys []string          `json:"levels,omitempty"`
	Tags map[string]string `json:"tags,omitempty"`
}

func (*SOrganizationInfo) IsZero

func (info *SOrganizationInfo) IsZero() bool

func (*SOrganizationInfo) String

func (info *SOrganizationInfo) String() string

type SOrganizationNode

// SOrganizationNode holds an organization node record: the owning
// organization ID, a full label, a level and a weight.
type SOrganizationNode struct {
	apis.SStandaloneResourceBase
	apis.SPendingDeletedBase
	OrgId     string `json:"org_id"`
	FullLabel string `json:"full_label"`
	Level     int    `json:"level"`
	Weight    int    `json:"weight"`
}

SOrganizationNode is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SOrganizationNode.

type SOrganizationNodeDetails

// SOrganizationNodeDetails is the detail view of an organization node: the
// standalone resource details and SOrganizationNode, plus the node's tag set,
// an organization string and the organization type.
type SOrganizationNodeDetails struct {
	apis.StandaloneResourceDetails

	SOrganizationNode

	Tags tagutils.TTagSet `json:"tags"`

	Organization string `json:"organization"`

	Type TOrgType `json:"type"`
}

type SOrganizationNodeInfo

// SOrganizationNodeInfo is a compact description of an organization node.
// None of its fields has a json tag.
type SOrganizationNodeInfo struct {
	Id           string
	FullLabel    string
	OrgId        string
	Organization string
	Tags         tagutils.TTagSet
	Type         TOrgType
}

type SPassword

// SPassword holds a password record for a local user: the record ID, the
// local user ID, a password string, a password-hash string, a self-service
// flag and creation/expiry times as int64 values.
//
// NOTE(review): both Password and PasswordHash are serialized under plain
// json keys ("password", "password_hash") with no omitempty and no
// `json:"-"`. If this struct is ever marshalled into an API response, an
// audit record or a log line, both values go with it; confirm that the
// serving layer strips them.
// NOTE(review): whether Password holds clear text or a legacy digest is not
// visible here, and neither is the hashing scheme behind PasswordHash —
// confirm.
type SPassword struct {
	apis.SResourceBase
	Id           int    `json:"id"`
	LocalUserId  int    `json:"local_user_id"`
	Password     string `json:"password"`
	SelfService  bool   `json:"self_service"`
	PasswordHash string `json:"password_hash"`
	CreatedAtInt int64  `json:"created_at_int"`
	ExpiresAtInt int64  `json:"expires_at_int"`
}

SPassword is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SPassword.

type SPolicy

// SPolicy holds a policy record: the policy definition blob, its scope, a
// system-policy flag, and the project, domain and object tags and
// organization nodes it matches.
//
// Type is marked deprecated and hidden from swagger. IsSystem is a *bool
// with omitempty, so nil is omitted from the JSON.
// NOTE(review): Blob is an arbitrary JSON object; the schema and its
// validation are not visible here — confirm where a malformed or overly
// broad definition would be rejected.
type SPolicy struct {
	SEnabledIdentityBaseResource
	apis.SSharableBaseResource
	// swagger:ignore
	// Deprecated
	Type string `json:"type"`
	// Policy definition
	Blob jsonutils.JSONObject `json:"blob"`
	// Policy scope
	Scope string `json:"scope"`
	// Whether this is a system policy
	IsSystem *bool `json:"is_system,omitempty"`
	// Project tags to match
	ProjectTags []tagutils.STag `json:"project_tags"`
	// Domain tags to match
	DomainTags []tagutils.STag `json:"domain_tags"`
	// Resource (object) tags to match
	ObjectTags []tagutils.STag `json:"object_tags"`
	// Organization nodes to match
	OrgNodeId []string `json:"org_node_id"`
}

SPolicy is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SPolicy.

type SProject

// SProject holds a project record: the identity base resource plus the
// parent ID, a flag telling whether the project is a domain, and an admin ID.
// IsDomain is a *bool with omitempty, so nil is omitted from the JSON.
type SProject struct {
	SIdentityBaseResource
	// ID of the parent project or domain
	ParentId string `json:"parent_id"`
	// Whether this project is a domain
	IsDomain *bool  `json:"is_domain,omitempty"`
	AdminId  string `json:"admin_id"`
}

SProject is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SProject.

type SProjectAddUserGroupInput

// SProjectAddUserGroupInput carries lists of users, groups and roles plus an
// EnableAllUsers flag. None of its fields has a json tag.
// A Validate method is declared on this type; its body is not shown here.
//
// NOTE(review): EnableAllUsers presumably re-enables disabled users as a side
// effect of adding them to the project; confirm that the caller's
// authorization covers enabling accounts and not only project membership.
type SProjectAddUserGroupInput struct {
	Users          []string
	Groups         []string
	Roles          []string
	EnableAllUsers bool
}

func (SProjectAddUserGroupInput) Validate

func (input SProjectAddUserGroupInput) Validate() error

type SProjectExtended

// SProjectExtended is SProject plus the name of its domain.
type SProjectExtended struct {
	SProject
	DomainName string `json:"domain_name"`
}

SProjectExtended is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SProjectExtended.

type SProjectOrganization

// SProjectOrganization carries an organization's ID, name and keys together
// with a list of nodes. None of its fields has a json tag.
type SProjectOrganization struct {
	Id    string
	Name  string
	Keys  []string
	Nodes []SProjectOrganizationNode
}

type SProjectOrganizationNode

// SProjectOrganizationNode is one node entry of SProjectOrganization: an ID
// and a list of labels. Neither field has a json tag.
type SProjectOrganizationNode struct {
	Id     string
	Labels []string
}

type SProjectRemoveUserGroupInput

// SProjectRemoveUserGroupInput carries lists of (user, role) and
// (group, role) pairs. Neither field has a json tag.
// A Validate method is declared on this type; its body is not shown here.
type SProjectRemoveUserGroupInput struct {
	UserRoles  []SUserRole
	GroupRoles []SGroupRole
}

func (SProjectRemoveUserGroupInput) Validate

func (input SProjectRemoveUserGroupInput) Validate() error

type SProjectRole

// SProjectRole pairs a project with a role; it is the element type of
// SLeaveProjectsInput.ProjectRoles.
type SProjectRole struct {
	Project string `json:"project"`
	Role    string `json:"role"`
}

type SProjectSetAdminInput

// SProjectSetAdminInput carries a single user ID. The field has no json tag.
// NOTE(review): presumably the named user becomes the project's admin
// (SProject.AdminId); the authorization check for that change is not visible
// here — confirm.
type SProjectSetAdminInput struct {
	UserId string
}

type SRegion

// SRegion holds a region record: the standalone resource base, a parent
// region ID and a free-form Extra dictionary.
type SRegion struct {
	apis.SStandaloneResourceBase
	ParentRegionId string              `json:"parent_region_id"`
	Extra          *jsonutils.JSONDict `json:"extra"`
}

SRegion is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SRegion.

type SRole

SRole is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SRole.

type SRoleAssignment

// SRoleAssignment describes one role assignment: the scope it applies to
// (domain and, for project scope, project), the user or group that holds it,
// the role, and the names of the policies associated with that role at
// project, domain and system level.
// GetLoginIp, GetProjectId, GetRoleIds and GetTokenString methods are
// declared on *SRoleAssignment; their bodies are not shown here.
type SRoleAssignment struct {
	// Scope of the assignment
	Scope struct {
		// Domain the assignment belongs to
		Domain SIdentityObject `json:"domain"`
		// Project the assignment belongs to; set when the scope is a project
		Project SDomainObjectWithMetadata `json:"project"`
	} `json:"scope"`

	// User information
	User SDomainObject `json:"user"`
	// User group information
	Group SDomainObject `json:"group"`
	// Role with which the user joined the project
	Role SDomainObject `json:"role"`

	// Policies associated with the user's role
	Policies struct {
		// Names of the associated project-level policies
		Project []string `json:"project"`
		// Names of the associated domain-level policies
		Domain []string `json:"domain"`
		// Names of the associated system-level policies
		System []string `json:"system"`
	} `json:"policies"`
}

func (*SRoleAssignment) GetLoginIp

func (ra *SRoleAssignment) GetLoginIp() string

func (*SRoleAssignment) GetProjectId

func (ra *SRoleAssignment) GetProjectId() string

func (*SRoleAssignment) GetRoleIds

func (ra *SRoleAssignment) GetRoleIds() []string

func (*SRoleAssignment) GetTokenString

func (ra *SRoleAssignment) GetTokenString() string

type SRolePolicy

// SRolePolicy binds a policy to a role within a project; the three IDs are
// documented as the primary key. The binding also carries an authentication
// flag, an IP allowlist string and a validity window.
//
// Auth is a *bool with omitempty, so nil is omitted from the JSON.
// NOTE(review): the format of Ips (single address, CIDR, list separator) and
// the meaning of an empty string are not visible here; confirm that empty
// does not unintentionally mean "match nothing" or "match everything".
// NOTE(review): ValidSince and ValidUntil are time.Time values; how the zero
// value is treated (unbounded vs. already expired) is decided by the
// consumer — confirm.
type SRolePolicy struct {
	apis.SResourceBase
	// Role ID, primary key
	RoleId string `json:"role_id"`
	// Project ID, primary key
	ProjectId string `json:"project_id"`
	// Policy ID, primary key
	PolicyId string `json:"policy_id"`
	// Whether authentication is required
	Auth *bool `json:"auth,omitempty"`
	// IP allowlist to match
	Ips string `json:"ips"`
	// Start of the matching time window
	ValidSince time.Time `json:"valid_since"`
	// End of the matching time window
	ValidUntil time.Time `json:"valid_until"`
}

SRolePolicy is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SRolePolicy.

type SSAMLAzureADConfigOptions

// SSAMLAzureADConfigOptions holds the tenant ID for the Azure AD SAML
// template, together with the SAML base options and the shared attribute
// options.
type SSAMLAzureADConfigOptions struct {
	TenantId string `json:"tenant_id"`

	SSAMLIdpBaseConfigOptions

	SIdpAttributeOptions
}

type SSAMLIdpBaseConfigOptions

// SSAMLIdpBaseConfigOptions is the option set shared by the SAML config
// structs in this package; it holds a single optional flag.
//
// AllowIdpInit is a *bool without omitempty, so nil is serialized as null.
// NOTE(review): presumably this enables IdP-initiated SSO, where a response
// arrives without a prior request to bind it to; confirm that nil is treated
// as false and that the flag is only enabled where it is required.
type SSAMLIdpBaseConfigOptions struct {
	AllowIdpInit *bool `json:"allow_idp_init"`
}

type SSAMLIdpConfigOptions

// SSAMLIdpConfigOptions holds the entity ID and redirect SSO URL of a generic
// SAML identity provider, together with the SAML base options and the shared
// attribute options.
//
// NOTE(review): no signing certificate or metadata field is declared here;
// how the provider's assertions are verified is not visible in this struct —
// confirm.
type SSAMLIdpConfigOptions struct {
	EntityId       string `json:"entity_id"`
	RedirectSSOUrl string `json:"redirect_sso_url"`

	SSAMLIdpBaseConfigOptions

	SIdpAttributeOptions
}

type SSAMLTestIdpConfigOptions

// SSAMLTestIdpConfigOptions only embeds SSAMLIdpBaseConfigOptions and adds no
// fields of its own.
type SSAMLTestIdpConfigOptions struct {
	// empty
	SSAMLIdpBaseConfigOptions
}

type SScopeResource

// SScopeResource holds a resource count keyed by domain, project, owner,
// region and service IDs and a resource name.
type SScopeResource struct {
	DomainId  string `json:"domain_id"`
	ProjectId string `json:"project_id"`
	OwnerId   string `json:"owner_id"`
	RegionId  string `json:"region_id"`
	ServiceId string `json:"service_id"`
	Resource  string `json:"resource"`
	Count     int    `json:"count"`
}

SScopeResource is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SScopeResource.

type SService

// SService holds a service record: the standalone resource base, a type, an
// optional enabled flag, a free-form Extra dictionary and a config version.
// Enabled is a *bool with omitempty, so nil is omitted from the JSON.
type SService struct {
	apis.SStandaloneResourceBase
	Type          string              `json:"type"`
	Enabled       *bool               `json:"enabled,omitempty"`
	Extra         *jsonutils.JSONDict `json:"extra"`
	ConfigVersion int                 `json:"config_version"`
}

SService is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SService.

type SServiceCertificate

// SServiceCertificate holds a service certificate record: the standalone and
// certificate resource bases plus a CA certificate and a CA private key, both
// as strings.
//
// NOTE(review): CaPrivateKey is serialized under the plain json key
// "ca_private_key" with no omitempty and no `json:"-"`. Anyone who obtains it
// can presumably issue certificates trusted by everything that trusts this
// CA, so every path that marshals this struct into an API response, a backup
// or a log line should be checked for redaction and access control — confirm.
// NOTE(review): whether the key is stored encrypted at rest is not visible
// here — confirm.
type SServiceCertificate struct {
	apis.SStandaloneResourceBase
	apis.SCertificateResourceBase
	CaCertificate string `json:"ca_certificate"`
	CaPrivateKey  string `json:"ca_private_key"`
}

SServiceCertificate is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SServiceCertificate.

type STokenCache

// STokenCache holds a cached token record: a validity flag, the
// authentication method, audit IDs, the user, project and domain IDs, and the
// source and IP of the request.
//
// NOTE(review): presumably Valid is what revocation flips; confirm that every
// token check consults it rather than relying on expiry alone.
// NOTE(review): Ip and Source are useful for detection (a token used from a
// new address), but where they are populated from is not visible here; if
// they come from a client-controlled header they should not be trusted for
// access decisions — confirm.
type STokenCache struct {
	apis.SStandaloneAnonResourceBase
	Valid     bool   `json:"valid"`
	Method    string `json:"method"`
	AuditIds  string `json:"audit_ids"`
	UserId    string `json:"user_id"`
	ProjectId string `json:"project_id"`
	DomainId  string `json:"domain_id"`
	Source    string `json:"source"`
	Ip        string `json:"ip"`
}

STokenCache is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.STokenCache.

type SUser

// SUser holds a user record: contact details, display name, last-login
// bookkeeping, account flags (system account, web console access, MFA) and
// the preferred language.
//
// IsSystemAccount, AllowWebConsole and EnableMfa are *bool with omitempty, so
// nil is omitted from the JSON and is distinguishable from false.
// NOTE(review): per the field comment, system accounts skip the password
// complexity check and are hidden from lists by default; accounts with this
// flag deserve explicit coverage in access reviews.
// NOTE(review): how a nil EnableMfa is interpreted is decided by the
// consumer — confirm it does not silently mean "MFA off" where MFA is
// expected.
type SUser struct {
	apis.SRecordChecksumResourceBase
	SEnabledIdentityBaseResource
	// User email
	Email string `json:"email"`
	// User mobile phone number
	Mobile string `json:"mobile"`
	// Display name, shown in the top-right menu entry after the user logs in
	Displayname string `json:"displayname"`
	// Time of the last login
	LastActiveAt time.Time `json:"last_active_at"`
	// IP address of the user's last login
	LastLoginIp string `json:"last_login_ip"`
	// Source of the user's last login; possible values: web (web console), cli (climc command line), API (api)
	LastLoginSource string `json:"last_login_source"`
	// Whether this is a system account; system accounts are not subject to the password complexity check and are hidden from lists by default
	IsSystemAccount *bool `json:"is_system_account,omitempty"`
	// deprecated
	DefaultProjectId string `json:"default_project_id"`
	// Whether logging in to the web console is allowed; can be disabled for users that only access the API
	AllowWebConsole *bool `json:"allow_web_console,omitempty"`
	// Whether MFA is enabled
	EnableMfa *bool `json:"enable_mfa,omitempty"`
	// Default language setting of the user; the default is zh_CN
	Lang string `json:"lang"`
}

SUser is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SUser.

type SUserExtended

// SUserExtended is a flattened view of a user: core account fields, contact
// details, local-account fields (LocalId, LocalName, LocalFailedAuthCount),
// domain name and state, and a list of audit IDs.
// None of its fields has a json tag.
type SUserExtended struct {
	Id               string
	Name             string
	Enabled          bool
	DefaultProjectId string
	CreatedAt        time.Time
	LastActiveAt     time.Time
	DomainId         string

	IsSystemAccount bool

	Displayname string
	Email       string
	Mobile      string

	LocalId              int
	LocalName            string
	LocalFailedAuthCount int
	DomainName           string
	DomainEnabled        bool
	IsLocal              bool

	AuditIds []string
}

type SUserGroup

// SUserGroup identifies a group by ID and name together with its domain name
// and domain ID. None of its fields has a json tag.
// It is the element type of UserDetails.Groups.
type SUserGroup struct {
	Id       string
	Name     string
	Domain   string
	DomainId string
}

type SUserOption

// SUserOption stores one option for a user as an (option ID, option value)
// pair of strings.
type SUserOption struct {
	UserId      string `json:"user_id"`
	OptionId    string `json:"option_id"`
	OptionValue string `json:"option_value"`
}

SUserOption is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SUserOption.

type SUserRole

// SUserRole pairs a user with a role. Neither field has a json tag.
// It is the element type of SProjectRemoveUserGroupInput.UserRoles.
type SUserRole struct {
	User string
	Role string
}

type SUsergroupMembership

// SUsergroupMembership records that a user ID belongs to a group ID.
type SUsergroupMembership struct {
	apis.SResourceBase
	UserId  string `json:"user_id"`
	GroupId string `json:"group_id"`
}

SUsergroupMembership is an autogenerated struct via yunion.io/x/onecloud/pkg/keystone/models.SUsergroupMembership.

type ServiceDetails

// ServiceDetails is the detail view of a service: the standalone resource
// details and SService, plus the number of endpoints.
type ServiceDetails struct {
	apis.StandaloneResourceDetails
	SService

	EndpointCount int `json:"endpoint_count"`
}

type ServiceFilterListInput

// ServiceFilterListInput holds list-query filters on a service (by type, by
// name or ID) and an ordering option. Service is deprecated in favour of
// ServiceId, as its yunion-deprecated-by tag states.
type ServiceFilterListInput struct {
	// Filter by service type
	ServiceType string `json:"service_type"`

	// Filter by service name or ID
	ServiceId string `json:"service_id"`
	// swagger:ignore
	// Deprecated
	// filter by service_id
	Service string `json:"service" yunion-deprecated-by:"service_id"`

	// Order by service name
	OrderByService string `json:"order_by_service"`
}

type ServiceListInput

// ServiceListInput holds the list-query parameters for services: the
// standalone resource list input plus filters on type and enabled state.
// Enabled is a *bool, so nil (no filter) is distinguishable from false.
type ServiceListInput struct {
	apis.StandaloneResourceListInput

	// Filter by service type
	Type []string `json:"type"`

	// Filter by enabled/disabled state
	Enabled *bool `json:"enabled"`
}

type TConfigs

// TConfigs is a two-level map: an outer string key selects an inner map from
// string keys to JSON values.
// NOTE(review): presumably identity-provider or service configuration, which
// can include the secrets declared in the *ConfigOptions structs of this
// package; check redaction where a TConfigs value is returned or logged —
// confirm.
type TConfigs map[string]map[string]jsonutils.JSONObject

type TOrgType

// TOrgType is a string-based type used for the Type field of
// SOrganizationNodeDetails and SOrganizationNodeInfo.
type TOrgType string

type UserCreateInput

// UserCreateInput is the request body for creating a user: the enabled
// identity base create input plus contact details, account flags, an initial
// password, an optional identity-provider link and the language.
//
// NOTE(review): Password arrives as a plain string under json key
// "password"; confirm that request logging and audit trails do not record
// the body verbatim.
// NOTE(review): SkipPasswordComplexityCheck and IsSystemAccount are fields of
// the request itself, and per the comment on SUser.IsSystemAccount system
// accounts skip the complexity check. Which callers may set either flag is
// not visible here — confirm it is restricted to administrators.
// NOTE(review): IdpId and IdpEntityId presumably link the new user to an
// external identity at creation time; confirm the caller is authorized for
// that provider.
type UserCreateInput struct {
	EnabledIdentityBaseResourceCreateInput

	Email string `json:"email"`

	Mobile string `json:"mobile"`

	Displayname string `json:"displayname"`

	IsSystemAccount *bool `json:"is_system_account"`

	AllowWebConsole *bool `json:"allow_web_console"`

	EnableMfa *bool `json:"enable_mfa"`

	Password string `json:"password"`

	SkipPasswordComplexityCheck *bool `json:"skip_password_complexity_check"`

	IdpId string `json:"idp_id"`

	IdpEntityId string `json:"idp_entity_id"`

	Lang string `json:"lang"`
}

type UserDetails

// UserDetails is the detail view of a user: the enabled identity base
// details, SUser and UserUsage, plus external resource statistics and the
// projects and groups the user belongs to.
type UserDetails struct {
	EnabledIdentityBaseResourceDetails

	SUser

	UserUsage

	// Statistics of external resources owned by this user
	ExternalResourceInfo

	// Projects the user belongs to
	Projects []SFetchDomainObjectWithMetadata `json:"projects"`
	// Groups the user belongs to
	Groups []SUserGroup `json:"groups"`
}

type UserFilterListInput

// UserFilterListInput holds list-query filters on a user and on the user's
// domain. UserDomain and User are deprecated in favour of UserDomainId and
// UserId, as their yunion-deprecated-by tags state.
type UserFilterListInput struct {
	// Domain the user belongs to
	UserDomainId string `json:"user_domain_id"`
	// swagger:ignore
	// Deprecated
	UserDomain string `json:"user_domain" yunion-deprecated-by:"user_domain_id"`

	// filter by user
	UserId string `json:"user_id"`
	// swagger:ignore
	// Deprecated
	// filter by user_id
	User string `json:"user" yunion-deprecated-by:"user_id"`
}

type UserLinkIdpInput

// UserLinkIdpInput names an identity provider and an entity ID at that
// provider. UserUnlinkIdpInput is declared with this type as its underlying
// type.
// NOTE(review): presumably linking lets the external identity authenticate as
// the local user, so the operation is equivalent to adding a credential; the
// authorization check is not visible here — confirm.
type UserLinkIdpInput struct {
	IdpId       string `json:"idp_id"`
	IdpEntityId string `json:"idp_entity_id"`
}

type UserListInput

// UserListInput holds the list-query parameters for users: the enabled
// identity base list input, the group, project and role filters, the domain
// and project in which a role assignment takes effect, and filters on contact
// details, web console access, MFA state and identity-provider link.
// AllowWebConsole and EnableMfa are *bool, so nil (no filter) is
// distinguishable from false.
type UserListInput struct {
	EnabledIdentityBaseResourceListInput

	GroupFilterListInput
	ProjectFilterListInput
	RoleFilterListInput

	// Domain in which the role assignment takes effect
	RoleAssignmentDomainId string `json:"role_assignment_domain_id"`
	// Project in which the role assignment takes effect
	RoleAssignmentProjectId string `json:"role_assignment_project_id"`

	// email
	Email string `json:"email"`
	// mobile
	Mobile string `json:"mobile"`
	// displayname
	Displayname string `json:"displayname"`

	// Whether web console login is allowed
	AllowWebConsole *bool `json:"allow_web_console"`

	// Whether MFA authentication is enabled
	EnableMfa *bool `json:"enable_mfa"`

	// Associated identity provider
	IdpId string `json:"idp_id"`

	// Filter by IDP_ENTITY_ID
	IdpEntityId string `json:"idp_entity_id"`
}

type UserUnlinkIdpInput

// UserUnlinkIdpInput has UserLinkIdpInput as its underlying type, so it
// carries the same IdpId and IdpEntityId fields. As a separately defined
// type it does not inherit methods declared on UserLinkIdpInput.
type UserUnlinkIdpInput UserLinkIdpInput

type UserUpdateInput

// UserUpdateInput is the request body for updating a user: the enabled
// identity base update input plus contact details, account flags, a new
// password and the language.
//
// NOTE(review): Password arrives as a plain string under json key
// "password"; confirm that request logging and audit trails do not record
// the body verbatim.
// NOTE(review): the same body can change the password, switch EnableMfa, set
// IsSystemAccount and set SkipPasswordComplexityCheck. Whether a user editing
// their own record may touch the last three, and whether a password change
// requires the current password, is not visible here — confirm.
type UserUpdateInput struct {
	EnabledIdentityBaseUpdateInput

	Email string `json:"email"`

	Mobile string `json:"mobile"`

	Displayname string `json:"displayname"`

	IsSystemAccount *bool `json:"is_system_account"`

	AllowWebConsole *bool `json:"allow_web_console"`

	EnableMfa *bool `json:"enable_mfa"`

	Password string `json:"password"`

	SkipPasswordComplexityCheck *bool `json:"skip_password_complexity_check"`

	Lang string `json:"lang"`
}

type UserUsage

// UserUsage holds per-user statistics and authentication state: group,
// project and credential counts, failed-login bookkeeping, password reset
// and expiry state, whether the user is local, and the linked identity
// providers.
type UserUsage struct {
	// Number of user groups the user belongs to
	GroupCount int `json:"group_count"`
	// Number of projects the user belongs to
	ProjectCount int `json:"project_count"`
	// Number of credentials (including AKSK, TOTP, Secret, etc.) owned by the user
	CredentialCount int `json:"credential_count"`
	// Number of consecutive failed logins
	FailedAuthCount int `json:"failed_auth_count"`
	// Time of the failed login (presumably the most recent one)
	FailedAuthAt time.Time `json:"failed_auth_at"`

	// Whether the password must be reset after login
	NeedResetPassword bool `json:"need_reset_password"`
	// Reason for the password reset: admin_reset|expire
	PasswordResetHint string `json:"password_reset_hint"`

	// Password expiry time (if password expiry is enabled)
	PasswordExpiresAt time.Time `json:"password_expires_at"`

	// Whether the user is a local user (a user maintained in SQL)
	IsLocal bool `json:"is_local"`

	// Authentication information of the external identity providers linked to the user
	Idps []IdpResourceInfo `json:"idps"`
}
