Improve codecov #1384

Merged
merged 42 commits into from
Sep 25, 2024
ac135db
docs:add error code desc
chuntaojun Sep 25, 2022
f4ddd23
fix:调整license-checker的触发
chuntaojun Oct 19, 2022
7db90bd
fix:调整license-checker的触发
chuntaojun Oct 19, 2022
9f8f3eb
hotfix:修复鉴权interceptor遗漏请求来源
chuntaojun Jun 27, 2023
5062e7f
fix:codecov
chuntaojun Jul 11, 2024
1d8d6cf
fix:codecov
chuntaojun Jul 12, 2024
15ec9bc
fix:codecov
chuntaojun Jul 15, 2024
2e9a66f
fix:就近路由代码增加
chuntaojun Jul 22, 2024
c1a74e3
fix:就近路由代码增加
chuntaojun Jul 22, 2024
2d8abb0
fix:就近路由代码增加
chuntaojun Jul 22, 2024
3a59b37
fix:就近路由代码增加
chuntaojun Jul 22, 2024
dfba8e7
fix:就近路由代码增加
chuntaojun Jul 22, 2024
d1199e0
fix:就近路由代码增加
chuntaojun Jul 29, 2024
797dd6b
refactor:鉴权能力优化调整
chuntaojun Aug 12, 2024
4ed969c
refactor:鉴权能力优化调整
chuntaojun Aug 12, 2024
9980a01
refactor:鉴权能力优化调整
chuntaojun Aug 16, 2024
cb0c87e
refactor:鉴权能力优化调整
chuntaojun Aug 16, 2024
94b77ef
refactor:鉴权能力优化调整
chuntaojun Aug 18, 2024
619a658
refactor:鉴权能力优化调整
chuntaojun Aug 19, 2024
b62ba20
refactor:鉴权能力优化调整
chuntaojun Aug 20, 2024
4a9bd56
refactor:鉴权能力优化调整
chuntaojun Aug 21, 2024
32b0158
refactor:鉴权能力优化调整
chuntaojun Aug 22, 2024
e55cdce
refactor:鉴权能力优化调整
chuntaojun Aug 29, 2024
048e034
refactor:鉴权能力优化调整
chuntaojun Aug 29, 2024
64485ef
refactor:鉴权能力优化调整
chuntaojun Aug 30, 2024
dd0d133
refactor:鉴权能力优化调整
chuntaojun Aug 30, 2024
18d70e8
refactor:鉴权能力优化调整
chuntaojun Aug 30, 2024
3232dbf
refactor:鉴权能力优化调整
chuntaojun Sep 2, 2024
a4c3735
refactor:鉴权能力优化调整
chuntaojun Sep 9, 2024
cc5b616
refactor:鉴权能力优化调整
chuntaojun Sep 9, 2024
6c2f6bd
refactor:鉴权能力优化调整
chuntaojun Sep 9, 2024
2929a54
refactor:鉴权能力优化调整
chuntaojun Sep 10, 2024
8a995b3
refactor:鉴权能力优化调整
chuntaojun Sep 12, 2024
e82149b
refactor:鉴权能力优化调整
chuntaojun Sep 12, 2024
07f7d33
refactor:鉴权能力优化调整
chuntaojun Sep 12, 2024
21f823d
refactor:鉴权能力优化调整
chuntaojun Sep 12, 2024
580c6b5
refactor:鉴权能力优化调整
chuntaojun Sep 12, 2024
b88ebba
refactor:鉴权能力优化调整
chuntaojun Sep 13, 2024
c6b45ad
refactor:鉴权能力优化调整
chuntaojun Sep 13, 2024
9a2eb9b
refactor:鉴权能力优化调整
chuntaojun Sep 19, 2024
4b5deef
refactor:鉴权能力优化调整
chuntaojun Sep 20, 2024
41bffc0
refactor:鉴权能力优化调整
chuntaojun Sep 25, 2024
fix:就近路由代码增加
chuntaojun committed Jul 29, 2024
commit d1199e0f4a8b1f0f158bcf5262e509ed4182b3db
60 changes: 24 additions & 36 deletions admin/maintain_authability.go
Expand Up @@ -41,9 +41,8 @@ func (s *serverAuthAbility) InitMainUser(ctx context.Context, user apisecurity.U
}

func (svr *serverAuthAbility) GetServerConnections(ctx context.Context, req *admin.ConnReq) (*admin.ConnCountResp, error) {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, "GetServerConnections")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeServerConnections)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return nil, err
}

Expand All @@ -54,9 +53,8 @@ func (svr *serverAuthAbility) GetServerConnections(ctx context.Context, req *adm
}

func (svr *serverAuthAbility) GetServerConnStats(ctx context.Context, req *admin.ConnReq) (*admin.ConnStatsResp, error) {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, "GetServerConnStats")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeServerConnStats)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return nil, err
}

Expand All @@ -67,9 +65,8 @@ func (svr *serverAuthAbility) GetServerConnStats(ctx context.Context, req *admin
}

func (svr *serverAuthAbility) CloseConnections(ctx context.Context, reqs []admin.ConnReq) error {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, "CloseConnections")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, authcommon.CloseConnections)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return err
}

Expand All @@ -80,9 +77,8 @@ func (svr *serverAuthAbility) CloseConnections(ctx context.Context, reqs []admin
}

func (svr *serverAuthAbility) FreeOSMemory(ctx context.Context) error {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, "FreeOSMemory")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, authcommon.FreeOSMemory)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return err
}

Expand All @@ -93,9 +89,8 @@ func (svr *serverAuthAbility) FreeOSMemory(ctx context.Context) error {
}

func (svr *serverAuthAbility) CleanInstance(ctx context.Context, req *apiservice.Instance) *apiservice.Response {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, "CleanInstance")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, authcommon.CleanInstance)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return api.NewResponseWithMsg(convertToErrCode(err), err.Error())
}

Expand All @@ -106,19 +101,17 @@ func (svr *serverAuthAbility) CleanInstance(ctx context.Context, req *apiservice
}

func (svr *serverAuthAbility) BatchCleanInstances(ctx context.Context, batchSize uint32) (uint32, error) {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, "BatchCleanInstances")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, authcommon.BatchCleanInstances)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return 0, err
}

return svr.targetServer.BatchCleanInstances(ctx, batchSize)
}

func (svr *serverAuthAbility) GetLastHeartbeat(ctx context.Context, req *apiservice.Instance) *apiservice.Response {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, "GetLastHeartbeat")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeInstanceLastHeartbeat)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return api.NewResponseWithMsg(convertToErrCode(err), err.Error())
}

Expand All @@ -129,9 +122,8 @@ func (svr *serverAuthAbility) GetLastHeartbeat(ctx context.Context, req *apiserv
}

func (svr *serverAuthAbility) GetLogOutputLevel(ctx context.Context) ([]admin.ScopeLevel, error) {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, "GetLogOutputLevel")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeGetLogOutputLevel)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return nil, err
}

Expand All @@ -142,19 +134,17 @@ func (svr *serverAuthAbility) GetLogOutputLevel(ctx context.Context) ([]admin.Sc
}

func (svr *serverAuthAbility) SetLogOutputLevel(ctx context.Context, scope string, level string) error {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, "SetLogOutputLevel")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, authcommon.UpdateLogOutputLevel)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return err
}

return svr.targetServer.SetLogOutputLevel(ctx, scope, level)
}

func (svr *serverAuthAbility) ListLeaderElections(ctx context.Context) ([]*admin.LeaderElection, error) {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, "ListLeaderElections")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeLeaderElections)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return nil, err
}

Expand All @@ -165,9 +155,8 @@ func (svr *serverAuthAbility) ListLeaderElections(ctx context.Context) ([]*admin
}

func (svr *serverAuthAbility) ReleaseLeaderElection(ctx context.Context, electKey string) error {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, "ReleaseLeaderElection")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, authcommon.ReleaseLeaderElection)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return err
}

Expand All @@ -178,9 +167,8 @@ func (svr *serverAuthAbility) ReleaseLeaderElection(ctx context.Context, electKe
}

func (svr *serverAuthAbility) GetCMDBInfo(ctx context.Context) ([]model.LocationView, error) {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, "GetCMDBInfo")
_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
if err != nil {
authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeCMDBInfo)
if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
return nil, err
}

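Review bot: The boolean result of `CheckConsolePermission` is still discarded in every rewritten guard (`if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil`), so access to destructive calls such as `CloseConnections`, `FreeOSMemory` and `CleanInstance` depends entirely on the checker returning a non-nil error on denial. The `AuthChecker` interface in auth/api.go declares `(bool, error)`; if any implementation can return `false, nil`, these wrappers would proceed to the target server call. Either state on the interface that a denial is always reported as an error, or check the flag with `allowed, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)` and return a permission-denied error when `!allowed`. The same guard appears in all twelve functions of this section, most of whose bodies continue outside the hunks.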
2 changes: 1 addition & 1 deletion admin/server_authability.go
Expand Up @@ -46,7 +46,7 @@ func newServerAuthAbility(targetServer *Server,
}

func (svr *serverAuthAbility) collectMaintainAuthContext(ctx context.Context, resourceOp authcommon.ResourceOperation,
methodName string) *authcommon.AcquireContext {
methodName authcommon.ServerFunctionName) *authcommon.AcquireContext {
return authcommon.NewAcquireContext(
authcommon.WithRequestContext(ctx),
authcommon.WithOperation(resourceOp),
16 changes: 8 additions & 8 deletions apiserver/httpserver/auth_access.go
Expand Up @@ -43,7 +43,7 @@ func (h *HTTPServer) GetAuthServer(ws *restful.WebService) error {
ws.Route(docs.EnrichUpdateUserApiDocs(ws.PUT("/user").To(h.UpdateUser)))
ws.Route(docs.EnrichUpdateUserPasswordApiDocs(ws.PUT("/user/password").To(h.UpdateUserPassword)))
ws.Route(docs.EnrichGetUserTokenApiDocs(ws.GET("/user/token").To(h.GetUserToken)))
ws.Route(docs.EnrichUpdateUserTokenApiDocs(ws.PUT("/user/token/status").To(h.UpdateUserToken)))
ws.Route(docs.EnrichUpdateUserTokenApiDocs(ws.PUT("/user/token/status").To(h.EnableUserToken)))
ws.Route(docs.EnrichResetUserTokenApiDocs(ws.PUT("/user/token/refresh").To(h.ResetUserToken)))
//
ws.Route(docs.EnrichCreateGroupApiDocs(ws.POST("/usergroup").To(h.CreateGroup)))
Expand All @@ -52,7 +52,7 @@ func (h *HTTPServer) GetAuthServer(ws *restful.WebService) error {
ws.Route(docs.EnrichDeleteGroupsApiDocs(ws.POST("/usergroups/delete").To(h.DeleteGroups)))
ws.Route(docs.EnrichGetGroupApiDocs(ws.GET("/usergroup/detail").To(h.GetGroup)))
ws.Route(docs.EnrichGetGroupTokenApiDocs(ws.GET("/usergroup/token").To(h.GetGroupToken)))
ws.Route(docs.EnrichUpdateGroupTokenApiDocs(ws.PUT("/usergroup/token/status").To(h.UpdateGroupToken)))
ws.Route(docs.EnrichUpdateGroupTokenApiDocs(ws.PUT("/usergroup/token/status").To(h.EnableGroupToken)))
ws.Route(docs.EnrichResetGroupTokenApiDocs(ws.PUT("/usergroup/token/refresh").To(h.ResetGroupToken)))

ws.Route(docs.EnrichCreateStrategyApiDocs(ws.POST("/auth/strategy").To(h.CreateStrategy)))
Expand Down Expand Up @@ -213,8 +213,8 @@ func (h *HTTPServer) GetUserToken(req *restful.Request, rsp *restful.Response) {
handler.WriteHeaderAndProto(h.userMgn.GetUserToken(handler.ParseHeaderContext(), user))
}

// UpdateUserToken 更改用户的token
func (h *HTTPServer) UpdateUserToken(req *restful.Request, rsp *restful.Response) {
// EnableUserToken 更改用户的token
func (h *HTTPServer) EnableUserToken(req *restful.Request, rsp *restful.Response) {
handler := &httpcommon.Handler{
Request: req,
Response: rsp,
Expand All @@ -228,7 +228,7 @@ func (h *HTTPServer) UpdateUserToken(req *restful.Request, rsp *restful.Response
return
}

handler.WriteHeaderAndProto(h.userMgn.UpdateUserToken(ctx, user))
handler.WriteHeaderAndProto(h.userMgn.EnableUserToken(ctx, user))
}

// ResetUserToken 重置用户 token
Expand Down Expand Up @@ -358,8 +358,8 @@ func (h *HTTPServer) GetGroupToken(req *restful.Request, rsp *restful.Response)
handler.WriteHeaderAndProto(h.userMgn.GetGroupToken(ctx, group))
}

// UpdateGroupToken 更新用户组 token
func (h *HTTPServer) UpdateGroupToken(req *restful.Request, rsp *restful.Response) {
// EnableGroupToken 更新用户组 token
func (h *HTTPServer) EnableGroupToken(req *restful.Request, rsp *restful.Response) {
handler := &httpcommon.Handler{
Request: req,
Response: rsp,
Expand All @@ -373,7 +373,7 @@ func (h *HTTPServer) UpdateGroupToken(req *restful.Request, rsp *restful.Respons
return
}

handler.WriteHeaderAndProto(h.userMgn.UpdateGroupToken(ctx, group))
handler.WriteHeaderAndProto(h.userMgn.EnableGroupToken(ctx, group))
}

// ResetGroupToken 重置用户组 token
36 changes: 2 additions & 34 deletions apiserver/httpserver/utils/handler.go
Expand Up @@ -84,39 +84,7 @@ func (h *Handler) parseArray(createMessage func() proto.Message, jsonDecoder *js
return nil, err
}
}
return h.postParseMessage(requestID)
}

func (h *Handler) postParseMessage(requestID string) (context.Context, error) {
platformID := h.Request.HeaderParameter("Platform-Id")
platformToken := h.Request.HeaderParameter("Platform-Token")
token := h.Request.HeaderParameter("Polaris-Token")
authToken := h.Request.HeaderParameter(utils.HeaderAuthTokenKey)
ctx := context.Background()
ctx = context.WithValue(ctx, utils.StringContext("request-id"), requestID)
ctx = context.WithValue(ctx, utils.StringContext("platform-id"), platformID)
ctx = context.WithValue(ctx, utils.StringContext("platform-token"), platformToken)
if token != "" {
ctx = context.WithValue(ctx, utils.StringContext("polaris-token"), token)
}
if authToken != "" {
ctx = context.WithValue(ctx, utils.ContextAuthTokenKey, authToken)
}

var operator string
addrSlice := strings.Split(h.Request.Request.RemoteAddr, ":")
if len(addrSlice) == 2 {
operator = "HTTP:" + addrSlice[0]
if platformID != "" {
operator += "(" + platformID + ")"
}
}
if staffName := h.Request.HeaderParameter("Staffname"); staffName != "" {
operator = staffName
}
ctx = context.WithValue(ctx, utils.StringContext("operator"), operator)

return ctx, nil
return h.ParseHeaderContext(), nil
}

// Parse 解析请求
Expand All @@ -126,7 +94,7 @@ func (h *Handler) Parse(message proto.Message) (context.Context, error) {
accesslog.Error(err.Error(), utils.ZapRequestID(requestID))
return nil, err
}
return h.postParseMessage(requestID)
return h.ParseHeaderContext(), nil
}

// ParseHeaderContext 将http请求header中携带的用户信息提取出来
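Review bot: Both `parseArray` and `Parse` now return `h.ParseHeaderContext(), nil` and no longer pass `requestID` along, but the body of `ParseHeaderContext` lies outside these hunks, so it cannot be confirmed here that it sets the same context values the removed `postParseMessage` did (request-id, platform-id, platform-token, polaris-token, `utils.ContextAuthTokenKey` and operator). If one of them is missing, any code that reads the token or operator from the context would see an empty value rather than an error. A unit test that sends those headers through `Parse` and asserts each context key would pin the equivalence. A comment on `Parse` such as `// Parse relies on ParseHeaderContext to carry the request-id, auth token and operator into ctx.` would record the dependency.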
62 changes: 46 additions & 16 deletions auth/api.go
Expand Up @@ -25,22 +25,22 @@ import (
apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"

cachetypes "github.com/polarismesh/polaris/cache/api"
"github.com/polarismesh/polaris/common/model/auth"
authcommon "github.com/polarismesh/polaris/common/model/auth"
"github.com/polarismesh/polaris/store"
)

// AuthChecker 权限管理通用接口定义
type AuthChecker interface {
// CheckClientPermission 执行检查客户端动作判断是否有权限,并且对 RequestContext 注入操作者数据
CheckClientPermission(preCtx *auth.AcquireContext) (bool, error)
CheckClientPermission(preCtx *authcommon.AcquireContext) (bool, error)
// CheckConsolePermission 执行检查控制台动作判断是否有权限,并且对 RequestContext 注入操作者数据
CheckConsolePermission(preCtx *auth.AcquireContext) (bool, error)
CheckConsolePermission(preCtx *authcommon.AcquireContext) (bool, error)
// IsOpenConsoleAuth 返回是否开启了操作鉴权,可以用于前端查询
IsOpenConsoleAuth() bool
// IsOpenClientAuth
IsOpenClientAuth() bool
// AllowResourceOperate 是否允许资源的操作
AllowResourceOperate(ctx *auth.AcquireContext, opInfo *auth.ResourceOpInfo) bool
// ResourcePredicate 是否允许资源的操作
ResourcePredicate(ctx *authcommon.AcquireContext, opInfo *authcommon.ResourceEntry) bool
}

// StrategyServer 策略相关操作
Expand All @@ -49,6 +49,20 @@ type StrategyServer interface {
Initialize(*Config, store.Store, cachetypes.CacheManager, UserServer) error
// Name 策略管理server名称
Name() string
// PolicyOperator .
PolicyOperator
// RoleOperator .
RoleOperator
// PolicyHelper .
PolicyHelper() PolicyHelper
// GetAuthChecker 获取鉴权检查器
GetAuthChecker() AuthChecker
// AfterResourceOperation 操作完资源的后置处理逻辑
AfterResourceOperation(afterCtx *authcommon.AcquireContext) error
}

// PolicyOperator 策略管理
type PolicyOperator interface {
// CreateStrategy 创建策略
CreateStrategy(ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
// UpdateStrategies 批量更新策略
Expand All @@ -63,10 +77,18 @@ type StrategyServer interface {
GetStrategy(ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
// GetPrincipalResources 获取某个 principal 的所有可操作资源列表
GetPrincipalResources(ctx context.Context, query map[string]string) *apiservice.Response
// GetAuthChecker 获取鉴权检查器
GetAuthChecker() AuthChecker
// AfterResourceOperation 操作完资源的后置处理逻辑
AfterResourceOperation(afterCtx *auth.AcquireContext) error
}

// RoleOperator 角色管理
type RoleOperator interface {
// CreateRoles 批量创建角色
CreateRoles(ctx context.Context, reqs []*apisecurity.Role) *apiservice.BatchWriteResponse
// UpdateRoles 批量更新角色
UpdateRoles(ctx context.Context, reqs []*apisecurity.Role) *apiservice.BatchWriteResponse
// DeleteRoles 批量删除角色
DeleteRoles(ctx context.Context, reqs []*apisecurity.Role) *apiservice.BatchWriteResponse
// GetRoles 查询角色列表
GetRoles(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
}

// UserServer 用户数据管理 server
Expand All @@ -78,7 +100,7 @@ type UserServer interface {
// Login 登录动作
Login(req *apisecurity.LoginRequest) *apiservice.Response
// CheckCredential 检查当前操作用户凭证
CheckCredential(authCtx *auth.AcquireContext) error
CheckCredential(authCtx *authcommon.AcquireContext) error
// UserOperator
UserOperator
// GroupOperator
Expand All @@ -100,8 +122,8 @@ type UserOperator interface {
GetUsers(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
// GetUserToken 获取用户的 token
GetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
// UpdateUserToken 禁止用户的token使用
UpdateUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
// EnableUserToken 禁止用户的token使用
EnableUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
// ResetUserToken 重置用户的token
ResetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
}
Expand All @@ -119,8 +141,8 @@ type GroupOperator interface {
GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
// GetGroupToken 获取用户组的 token
GetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
// UpdateGroupToken 取消用户组的 token 使用
UpdateGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
// EnableGroupToken 取消用户组的 token 使用
EnableGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
// ResetGroupToken 重置用户组的 token
ResetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
}
Expand All @@ -142,6 +164,14 @@ type UserHelper interface {
GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apisecurity.UserGroup
}

// PolicyHelper .
type PolicyHelper interface {
// CreatePrincipal 创建 principal 的默认 policy 资源
CreatePrincipal(ctx context.Context, tx store.Tx, p authcommon.Principal) error
// CleanPrincipal 清理 principal 所关联的 policy、role 资源
CleanPrincipal(ctx context.Context, tx store.Tx, p authcommon.Principal) error
}

// OperatorInfo 根据 token 解析出来的具体额外信息
type OperatorInfo struct {
// Origin 原始 token 字符串
Expand All @@ -151,7 +181,7 @@ type OperatorInfo struct {
// OwnerID 当前用户/用户组对应的 owner
OwnerID string
// Role 如果当前是 user token 的话,该值才能有信息
Role auth.UserRoleType
Role authcommon.UserRoleType
// IsUserToken 当前 token 是否是 user 的 token
IsUserToken bool
// Disable 标识用户 token 是否被禁用
Expand All @@ -176,7 +206,7 @@ func IsEmptyOperator(t OperatorInfo) bool {

// IsSubAccount 当前 token 对应的账户类型
func IsSubAccount(t OperatorInfo) bool {
return t.Role == auth.SubAccountUserRole
return t.Role == authcommon.SubAccountUserRole
}

func (t *OperatorInfo) String() string {
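Review bot: The renamed `EnableUserToken` and `EnableGroupToken` keep doc comments that say the opposite of their names ("禁止用户的token使用" and "取消用户组的 token 使用", i.e. disabling the token). Both are wired to the `/user/token/status` and `/usergroup/token/status` routes, so the methods presumably set the enabled state in either direction; the comments should say so, e.g. `// EnableUserToken sets whether the user's token is enabled or disabled.` and the same wording for the group variant. The new `PolicyOperator`, `RoleOperator` and `PolicyHelper` members of `StrategyServer`, and the `PolicyHelper` type itself, are documented only with `.`; a one-line description of each would help anyone implementing this authorization interface.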