github.com/polarismesh/polaris@v1.17.8/common/model/auth.go (about) 1 /** 2 * Tencent is pleased to support the open source community by making Polaris available. 3 * 4 * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 5 * 6 * Licensed under the BSD 3-Clause License (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at 9 * 10 * https://opensource.org/licenses/BSD-3-Clause 11 * 12 * Unless required by applicable law or agreed to in writing, software distributed 13 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 * specific language governing permissions and limitations under the License. 16 */ 17 18 package model 19 20 import ( 21 "errors" 22 "fmt" 23 "strconv" 24 "time" 25 ) 26 27 var ( 28 // ErrorNoUser 没有找到对应的用户 29 ErrorNoUser error = errors.New("no such user") 30 31 // ErrorNoUserGroup 没有找到对应的用户组 32 ErrorNoUserGroup error = errors.New("no such user group") 33 34 // ErrorNoNamespace 没有找到对应的命名空间 35 ErrorNoNamespace error = errors.New("no such namespace") 36 37 // ErrorNoService 没有找到对应的服务 38 ErrorNoService error = errors.New("no such service") 39 40 // ErrorWrongUsernameOrPassword 用户或者密码错误 41 ErrorWrongUsernameOrPassword error = errors.New("name or password is wrong") 42 43 // ErrorTokenNotExist token 不存在 44 ErrorTokenNotExist error = errors.New("token not exist") 45 46 // ErrorTokenInvalid 非法的 token 47 ErrorTokenInvalid error = errors.New("invalid token") 48 49 // ErrorTokenDisabled token 已经被禁用 50 ErrorTokenDisabled error = errors.New("token already disabled") 51 ) 52 53 const ( 54 OperatorRoleKey string = "operator_role" 55 OperatorPrincipalType string = "operator_principal" 56 OperatorIDKey string = "operator_id" 57 OperatorOwnerKey string = "operator_owner" 58 OperatorLinkStrategy string = "operator_link_strategy" 59 LinkUsersKey string = "link_users" 60 LinkGroupsKey string = "link_groups" 61 RemoveLinkUsersKey string = "remove_link_users" 62 RemoveLinkGroupsKey string = "remove_link_groups" 63 64 TokenDetailInfoKey string = "TokenInfo" 65 TokenForUser string = "uid" 66 TokenForUserGroup string = "groupid" 67 68 ResourceAttachmentKey string = "resource_attachment" 69 ) 70 71 func _() { 72 // An "invalid array index" compiler error signifies that the constant values have changed. 73 // Re-run the stringer command to generate them again. 74 var x [1]struct{} 75 _ = x[PrincipalUser-1] 76 _ = x[PrincipalGroup-2] 77 } 78 79 const _PrincipalType_name = "PrincipalUserPrincipalGroup" 80 81 var _PrincipalType_index = [...]uint8{0, 13, 27} 82 83 func (i PrincipalType) String() string { 84 i -= 1 85 if i < 0 || i >= PrincipalType(len(_PrincipalType_index)-1) { 86 return "PrincipalType(" + strconv.FormatInt(int64(i+1), 10) + ")" 87 } 88 return _PrincipalType_name[_PrincipalType_index[i]:_PrincipalType_index[i+1]] 89 } 90 91 //go:generate stringer -type=PrincipalType 92 type PrincipalType int 93 94 const ( 95 PrincipalUser PrincipalType = 1 96 PrincipalGroup PrincipalType = 2 97 ) 98 99 // CheckPrincipalType 检查鉴权策略成员角色信息 100 func CheckPrincipalType(role int) error { 101 switch PrincipalType(role) { 102 case PrincipalUser: 103 return nil 104 case PrincipalGroup: 105 return nil 106 default: 107 return errors.New("invalid principal type") 108 } 109 } 110 111 var ( 112 // PrincipalNames principal name map 113 PrincipalNames = map[PrincipalType]string{ 114 PrincipalUser: "user", 115 PrincipalGroup: "group", 116 } 117 ) 118 119 const ( 120 121 // DefaultStrategySuffix 默认策略的名称前缀 122 DefaultStrategySuffix string = "的默认策略" 123 ) 124 125 // BuildDefaultStrategyName 构建默认鉴权策略的名称信息 126 func BuildDefaultStrategyName(role PrincipalType, name string) string { 127 if role == PrincipalUser { 128 return fmt.Sprintf("%s%s%s", "(用户) ", name, DefaultStrategySuffix) 129 } 130 return fmt.Sprintf("%s%s%s", "(用户组) ", name, DefaultStrategySuffix) 131 } 132 133 // ResourceOperation 资源操作 134 type ResourceOperation int16 135 136 const ( 137 // Read 只读动作 138 Read ResourceOperation = 10 139 // Create 创建动作 140 Create ResourceOperation = 20 141 // Modify 修改动作 142 Modify ResourceOperation = 30 143 // Delete 删除动作 144 Delete ResourceOperation = 40 145 ) 146 147 // BzModule 模块标识 148 type BzModule int16 149 150 const ( 151 // UnknowModule 未知模块 152 UnknowModule BzModule = iota 153 // CoreModule 核心模块 154 CoreModule 155 // DiscoverModule 服务模块 156 DiscoverModule 157 // ConfigModule 配置模块 158 ConfigModule 159 // AuthModule 鉴权模块 160 AuthModule 161 // MaintainModule 运维操作模块 162 MaintainModule 163 // BootstrapModule 初始化模块 164 BootstrapModule 165 ) 166 167 // UserRoleType 用户角色类型 168 type UserRoleType int 169 170 const ( 171 UnknownUserRole UserRoleType = -1 172 AdminUserRole UserRoleType = 0 173 OwnerUserRole UserRoleType = 20 174 SubAccountUserRole UserRoleType = 50 175 ) 176 177 var ( 178 UserRoleNames = map[UserRoleType]string{ 179 AdminUserRole: "admin", 180 OwnerUserRole: "main", 181 SubAccountUserRole: "sub", 182 } 183 ) 184 185 // ResourceEntry 资源最简单信息 186 type ResourceEntry struct { 187 ID string 188 Owner string 189 } 190 191 // User 用户 192 type User struct { 193 ID string 194 Name string 195 Password string 196 Owner string 197 Source string 198 Mobile string 199 Email string 200 Type UserRoleType 201 Token string 202 TokenEnable bool 203 Valid bool 204 Comment string 205 CreateTime time.Time 206 ModifyTime time.Time 207 } 208 209 // UserGroupDetail 用户组详细(带用户列表) 210 type UserGroupDetail struct { 211 *UserGroup 212 213 // UserIds改为 map 的形式,加速查询 214 UserIds map[string]struct{} 215 } 216 217 // ToUserIdSlice 将用户ID Map 专为 slice 218 func (ugd *UserGroupDetail) ToUserIdSlice() []string { 219 uids := make([]string, 0, len(ugd.UserIds)) 220 for uid := range ugd.UserIds { 221 uids = append(uids, uid) 222 } 223 224 return uids 225 } 226 227 // UserGroup 用户组 228 type UserGroup struct { 229 ID string 230 Name string 231 Owner string 232 Token string 233 TokenEnable bool 234 Valid bool 235 Comment string 236 CreateTime time.Time 237 ModifyTime time.Time 238 } 239 240 // ModifyUserGroup 用户组修改 241 type ModifyUserGroup struct { 242 ID string 243 Owner string 244 Token string 245 TokenEnable bool 246 Comment string 247 AddUserIds []string 248 RemoveUserIds []string 249 } 250 251 // UserGroupRelation 用户-用户组关联关系具体信息 252 type UserGroupRelation struct { 253 GroupID string 254 UserIds []string 255 CreateTime time.Time 256 ModifyTime time.Time 257 } 258 259 // StrategyDetail 鉴权策略详细 260 type StrategyDetail struct { 261 ID string 262 Name string 263 Action string 264 Comment string 265 Principals []Principal 266 Default bool 267 Owner string 268 Resources []StrategyResource 269 Valid bool 270 Revision string 271 CreateTime time.Time 272 ModifyTime time.Time 273 } 274 275 // StrategyDetailCache 鉴权策略详细 276 type StrategyDetailCache struct { 277 *StrategyDetail 278 UserPrincipal map[string]Principal 279 GroupPrincipal map[string]Principal 280 } 281 282 // ModifyStrategyDetail 修改鉴权策略详细 283 type ModifyStrategyDetail struct { 284 ID string 285 Name string 286 Action string 287 Comment string 288 AddPrincipals []Principal 289 RemovePrincipals []Principal 290 AddResources []StrategyResource 291 RemoveResources []StrategyResource 292 ModifyTime time.Time 293 } 294 295 // Strategy 策略main信息 296 type Strategy struct { 297 ID string 298 Name string 299 Principal string 300 Action string 301 Comment string 302 Owner string 303 Default bool 304 Valid bool 305 CreateTime time.Time 306 ModifyTime time.Time 307 } 308 309 // StrategyResource 策略资源 310 type StrategyResource struct { 311 StrategyID string 312 ResType int32 313 ResID string 314 } 315 316 // Principal 策略相关人 317 type Principal struct { 318 StrategyID string 319 PrincipalID string 320 PrincipalRole PrincipalType 321 }