/**
 * Tencent is pleased to support the open source community by making Polaris available.
 *
 * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
 *
 * Licensed under the BSD 3-Clause License (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * https://opensource.org/licenses/BSD-3-Clause
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package auth

import (
	"context"

	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"

	"github.com/polarismesh/polaris/cache"
	"github.com/polarismesh/polaris/common/model"
	"github.com/polarismesh/polaris/store"
)

// AuthChecker is the common interface for permission checking.
type AuthChecker interface {
	// Initialize performs initialization with the given config, storage and cache manager.
	Initialize(options *Config, storage store.Store, cacheMgn *cache.CacheManager) error
	// VerifyCredential verifies the credential (token) carried in preCtx.
	VerifyCredential(preCtx *model.AcquireContext) error
	// CheckClientPermission checks whether the client-side action in preCtx is permitted
	// and injects the operator data into the request context.
	// NOTE(review): the result is (allowed, err); callers should treat both a false
	// result and a non-nil error as "deny" — confirm against the implementations.
	CheckClientPermission(preCtx *model.AcquireContext) (bool, error)
	// CheckConsolePermission checks whether the console action in preCtx is permitted
	// and injects the operator data into the request context.
	// NOTE(review): same (allowed, err) contract as CheckClientPermission — confirm.
	CheckConsolePermission(preCtx *model.AcquireContext) (bool, error)
	// IsOpenConsoleAuth reports whether console (operation) auth is enabled; it can be
	// used by the frontend to query the setting.
	IsOpenConsoleAuth() bool
	// IsOpenClientAuth presumably reports whether client-side auth is enabled, by
	// analogy with IsOpenConsoleAuth — the original carried no description; verify
	// against the implementation.
	IsOpenClientAuth() bool
}

// UserServer is the server managing user data.
type UserServer interface {
	// Initialize performs initialization with the given config, storage and cache manager.
	Initialize(authOpt *Config, storage store.Store, cacheMgn *cache.CacheManager) error
	// Name returns the name of this user-management server.
	Name() string
	// CreateUsers creates users in batch.
	CreateUsers(ctx context.Context, users []*apisecurity.User) *apiservice.BatchWriteResponse
	// UpdateUser updates a user's information.
	UpdateUser(ctx context.Context, user *apisecurity.User) *apiservice.Response
	// UpdateUserPassword updates a user's password.
	UpdateUserPassword(ctx context.Context, req *apisecurity.ModifyUserPassword) *apiservice.Response
	// DeleteUsers deletes users in batch.
	DeleteUsers(ctx context.Context, users []*apisecurity.User) *apiservice.BatchWriteResponse
	// GetUsers queries the user list according to query.
	GetUsers(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
	// GetUserToken fetches the user's token.
	// NOTE(review): the response carries a credential; implementations are expected to
	// authorize the caller before returning it — confirm against the implementation.
	GetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
	// UpdateUserToken disables use of the user's token (per the original description,
	// despite the "Update" name).
	UpdateUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
	// ResetUserToken resets (regenerates) the user's token.
	ResetUserToken(ctx context.Context, user *apisecurity.User) *apiservice.Response
	// Login performs the login action. Unlike the other methods it takes no
	// context.Context.
	Login(req *apisecurity.LoginRequest) *apiservice.Response
	// GroupOperator is embedded so a UserServer also exposes the user-group operations.
	GroupOperator
}

// GroupOperator holds the user-group related operations.
type GroupOperator interface {
	// CreateGroup creates a user group.
	CreateGroup(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
	// UpdateGroups updates user groups in batch.
	UpdateGroups(ctx context.Context, groups []*apisecurity.ModifyUserGroup) *apiservice.BatchWriteResponse
	// DeleteGroups deletes user groups in batch.
	DeleteGroups(ctx context.Context, group []*apisecurity.UserGroup) *apiservice.BatchWriteResponse
	// GetGroups queries the user-group list (without per-user details).
	GetGroups(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
	// GetGroup queries the details of the users belonging to the given group.
	GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response
	// GetGroupToken fetches the user group's token.
	// NOTE(review): the response carries a credential; implementations are expected to
	// authorize the caller before returning it — confirm against the implementation.
	GetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
	// UpdateGroupToken disables use of the user group's token (per the original
	// description, despite the "Update" name).
	UpdateGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
	// ResetGroupToken resets (regenerates) the user group's token.
	ResetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response
}

// StrategyServer holds the auth-strategy (policy) related operations.
type StrategyServer interface {
	// Initialize performs initialization with the given config, storage and cache manager.
	Initialize(authOpt *Config, storage store.Store, cacheMgn *cache.CacheManager) error
	// Name returns the name of this strategy-management server.
	Name() string
	// CreateStrategy creates an auth strategy.
	CreateStrategy(ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
	// UpdateStrategies updates auth strategies in batch.
	UpdateStrategies(ctx context.Context, reqs []*apisecurity.ModifyAuthStrategy) *apiservice.BatchWriteResponse
	// DeleteStrategies deletes auth strategies.
	DeleteStrategies(ctx context.Context, reqs []*apisecurity.AuthStrategy) *apiservice.BatchWriteResponse
	// GetStrategies queries the strategy list.
	// support 1. querying by principal-id + principal-role
	// support 2. plain auth-strategy queries
	GetStrategies(ctx context.Context, query map[string]string) *apiservice.BatchQueryResponse
	// GetStrategy fetches the details of one auth strategy.
	GetStrategy(ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response
	// GetPrincipalResources lists all resources a given principal may operate on.
	GetPrincipalResources(ctx context.Context, query map[string]string) *apiservice.Response
	// GetAuthChecker returns the permission checker.
	GetAuthChecker() AuthChecker
	// AfterResourceOperation runs the post-processing logic after a resource operation.
	AfterResourceOperation(afterCtx *model.AcquireContext) error
}