// Source: github.com/polarismesh/polaris@v1.17.8/namespace/resource_listener.go

/**
 * Tencent is pleased to support the open source community by making Polaris available.
 *
 * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
 *
 * Licensed under the BSD 3-Clause License (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * https://opensource.org/licenses/BSD-3-Clause
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package namespace

import (
	"context"

	apimodel "github.com/polarismesh/specification/source/go/api/v1/model"
	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"

	"github.com/polarismesh/polaris/common/model"
	"github.com/polarismesh/polaris/common/utils"
)

// ResourceHook is a listener invoked before and after a resource operation.
// It is only placed on the normal (successful) flow.
type ResourceHook interface {

	// Before is called ahead of the resource operation.
	// @param ctx
	// @param resourceType
	Before(ctx context.Context, resourceType model.Resource)

	// After is called once the resource operation has been performed and
	// reports any failure of the follow-up work through its error result.
	// @param ctx
	// @param resourceType
	// @param res
	After(ctx context.Context, resourceType model.Resource, res *ResourceEvent) error
}

// ResourceEvent is the resource event handed to ResourceHook.After.
type ResourceEvent struct {
	// ReqNamespace is the namespace message from the API request.
	ReqNamespace *apimodel.Namespace
	// Namespace is the internal model of the namespace that was operated on.
	Namespace *model.Namespace
	// IsRemove flags a removal; presumably set by the caller on delete — verify against caller.
	IsRemove bool
}

// Before is the pre-operation half of the hook; this implementation is a no-op.
func (svr *serverAuthAbility) Before(ctx context.Context, resourceType model.Resource) {
	// do nothing
}

// After is the post-operation half of the hook. Only model.RNamespace is
// handled; every other resource type returns nil without doing anything.
func (svr *serverAuthAbility) After(ctx context.Context, resourceType model.Resource, res *ResourceEvent) error {
	if resourceType == model.RNamespace {
		return svr.onNamespaceResource(ctx, res)
	}
	return nil
}

// onNamespaceResource copies the namespace that was just operated on, together
// with the user and group links carried in the request, onto the auth context
// found in ctx and then calls strategyMgn.AfterResourceOperation with it.
//
// When ctx holds no *model.AcquireContext under utils.ContextAuthContextKey the
// hook logs a warning and returns nil, so AfterResourceOperation is not called
// for that operation.
// NOTE(review): whether that path is reachable while authentication is enabled
// cannot be determined from this file — confirm it is limited to auth-disabled
// or internal callers.
//
// res, res.Namespace and res.ReqNamespace are dereferenced without nil checks,
// so callers must populate all of them. res.IsRemove is not consulted here.
func (svr *serverAuthAbility) onNamespaceResource(ctx context.Context, res *ResourceEvent) error {
	authCtx, ok := ctx.Value(utils.ContextAuthContextKey).(*model.AcquireContext)
	if !ok || authCtx == nil {
		log.Warn("[Namespace][ResourceHook] get auth context is nil, ignore", utils.RequestID(ctx))
		return nil
	}

	// The namespace is identified by its name; Owner is whatever
	// utils.ParseOwnerID derives from ctx.
	entry := model.ResourceEntry{
		ID:    res.Namespace.Name,
		Owner: utils.ParseOwnerID(ctx),
	}
	authCtx.SetAttachment(model.ResourceAttachmentKey, map[apisecurity.ResourceType][]model.ResourceEntry{
		apisecurity.ResourceType_Namespaces: {entry},
	})

	// The user and group ID lists come straight from the request message; this
	// function only converts and de-duplicates them.
	// NOTE(review): confirm that the strategy manager (or an earlier layer)
	// checks that the caller may link or unlink these principals.
	req := res.ReqNamespace
	linkUsers := utils.ConvertStringValuesToSlice(req.UserIds)
	unlinkUsers := utils.ConvertStringValuesToSlice(req.RemoveUserIds)
	linkGroups := utils.ConvertStringValuesToSlice(req.GroupIds)
	unlinkGroups := utils.ConvertStringValuesToSlice(req.RemoveGroupIds)

	authCtx.SetAttachment(model.LinkUsersKey, utils.StringSliceDeDuplication(linkUsers))
	authCtx.SetAttachment(model.RemoveLinkUsersKey, utils.StringSliceDeDuplication(unlinkUsers))
	authCtx.SetAttachment(model.LinkGroupsKey, utils.StringSliceDeDuplication(linkGroups))
	authCtx.SetAttachment(model.RemoveLinkGroupsKey, utils.StringSliceDeDuplication(unlinkGroups))

	return svr.strategyMgn.AfterResourceOperation(authCtx)
}