github.com/polarismesh/polaris@v1.17.8/service/resource_listen.go (about)

     1  /**
     2   * Tencent is pleased to support the open source community by making Polaris available.
     3   *
     4   * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
     5   *
     6   * Licensed under the BSD 3-Clause License (the "License");
     7   * you may not use this file except in compliance with the License.
     8   * You may obtain a copy of the License at
     9   *
    10   * https://opensource.org/licenses/BSD-3-Clause
    11   *
    12   * Unless required by applicable law or agreed to in writing, software distributed
    13   * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
    14   * CONDITIONS OF ANY KIND, either express or implied. See the License for the
    15   * specific language governing permissions and limitations under the License.
    16   */
    17  
    18  package service
    19  
import (
	"context"
	"errors"

	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"

	"github.com/polarismesh/polaris/common/model"
	"github.com/polarismesh/polaris/common/utils"
)
    29  
// ResourceHook is a listener invoked before and after a resource operation.
// It only takes part in the normal flow of an operation.
type ResourceHook interface {
	// Before is invoked ahead of the resource operation.
	//
	// ctx is the request context and resourceType names the kind of resource
	// being operated on. It returns nothing, so it cannot reject the operation.
	Before(ctx context.Context, resourceType model.Resource)

	// After is invoked once the resource operation has been carried out.
	//
	// ctx is the request context, resourceType names the kind of resource and
	// res carries the data of the affected resource. A non-nil error reports
	// that the post-processing failed.
	After(ctx context.Context, resourceType model.Resource, res *ResourceEvent) error
}
    44  
// ResourceEvent describes a resource event handed to ResourceHook.After.
type ResourceEvent struct {
	// ReqService is the API-level service message; onServiceResource reads its
	// UserIds, RemoveUserIds, GroupIds and RemoveGroupIds fields.
	ReqService *apiservice.Service
	// Service is the model-level service; onServiceResource reads its ID.
	Service *model.Service
	// IsRemove is not read in this file.
	// NOTE(review): presumably marks a delete operation; confirm against callers.
	IsRemove bool
}
    51  
// Before is the ResourceHook callback that runs ahead of a resource
// operation. serverAuthAbility has nothing to prepare at that point.
func (svr *serverAuthAbility) Before(ctx context.Context, resourceType model.Resource) {
	// Intentionally a no-op.
}
    56  
// After is the ResourceHook callback that runs once a resource operation has
// completed. Service resources are handed to onServiceResource; every other
// resource type is ignored and nil is returned.
func (svr *serverAuthAbility) After(ctx context.Context, resourceType model.Resource, res *ResourceEvent) error {
	if resourceType != model.RService {
		return nil
	}
	return svr.onServiceResource(ctx, res)
}
    66  
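// onServiceResource handles service resources only; namespace resources are
// handled by the namespace-related hooks.
//
// It records the affected service and the user/group link changes carried by
// the request as attachments on the request's auth context, then passes that
// context to the strategy manager's AfterResourceOperation.
//
// An error is returned, instead of a panic, when the request context holds no
// *model.AcquireContext or when the event lacks the service data read below.
//
// NOTE(review): the user and group IDs come straight from the request and are
// only de-duplicated here; confirm that AfterResourceOperation checks whether
// the caller may link or unlink these principals.
func (svr *serverAuthAbility) onServiceResource(ctx context.Context, res *ResourceEvent) error {
	// Checked assertion: a missing or wrongly typed value would otherwise panic
	// inside the authorization hook.
	authCtx, ok := ctx.Value(utils.ContextAuthContextKey).(*model.AcquireContext)
	if !ok || authCtx == nil {
		return errors.New("auth context not found in request context")
	}
	// Both service views are dereferenced below; fail with an error rather
	// than a nil-pointer panic.
	if res == nil || res.Service == nil || res.ReqService == nil {
		return errors.New("resource event is missing service data")
	}

	ownerID := utils.ParseOwnerID(ctx)

	// The service touched by this operation, keyed by resource type.
	authCtx.SetAttachment(model.ResourceAttachmentKey, map[apisecurity.ResourceType][]model.ResourceEntry{
		apisecurity.ResourceType_Services: {
			{
				ID:    res.Service.ID,
				Owner: ownerID,
			},
		},
	})

	users := utils.ConvertStringValuesToSlice(res.ReqService.UserIds)
	removeUsers := utils.ConvertStringValuesToSlice(res.ReqService.RemoveUserIds)

	groups := utils.ConvertStringValuesToSlice(res.ReqService.GroupIds)
	removeGroups := utils.ConvertStringValuesToSlice(res.ReqService.RemoveGroupIds)

	// Principals to link to, or unlink from, the service, de-duplicated.
	authCtx.SetAttachment(model.LinkUsersKey, utils.StringSliceDeDuplication(users))
	authCtx.SetAttachment(model.RemoveLinkUsersKey, utils.StringSliceDeDuplication(removeUsers))

	authCtx.SetAttachment(model.LinkGroupsKey, utils.StringSliceDeDuplication(groups))
	authCtx.SetAttachment(model.RemoveLinkGroupsKey, utils.StringSliceDeDuplication(removeGroups))

	return svr.strategyMgn.AfterResourceOperation(authCtx)
}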