vitess.io/vitess@v0.16.2/go/vt/vtadmin/rbac/rbac.go (about)

     1  /*
     2  Copyright 2021 The Vitess Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8  	http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  /*
    18  Package rbac provides role-based access control for vtadmin API endpoints.
    19  
    20  Functionality is split between two distinct components: the authenticator and
    21  the authorizer.
    22  
    23  The authenticator is optional, and is responsible for extracting information
    24  from a request (gRPC or HTTP) to produce an Actor, which is added to the context
    25  by interceptors/middlewares and eventually checked by the authorizer.
    26  
    27  The authorizer maintains a set of rules for each resource type, and, given a
    28  request context, action, resource, and cluster, checks its ruleset to see if
    29  the Actor in the context (set by some authenticator) has a rule allowing it to
    30  perform that <action, resource, cluster> tuple.
    31  
    32  The design of package rbac is governed by the following principles:
    33  
    34  1. Authentication is pluggable. Authorization is configurable.
    35  
    36  VTAdmin will not be specific about how exactly you authenticate users for your
    37  setup. Instead, users can provide whatever implementation suits their needs that
    38  conforms to the expected Authenticator interface, and vtadmin will use that when
    39  setting up the interceptors/middlewares. Currently, authenticators may be
    40  registered at runtime via the rbac.RegisterAuthenticator method, or may be set
    41  as a Go plugin (built via `go build -buildmode=plugin`) by setting the
    42  authenticator name as a path ending in ".so" in the rbac config. A plugin named this way is loaded into the vtadmin process and runs with its privileges, so the rbac config that names it must be as trusted as the vtadmin binary itself.
    43  
    44  2. Permissions are additive. There is no concept of a negative permission (or
    45  revocation). To "revoke" a permission from a user or role, structure your rules
    46  such that they are never granted that permission.
    47  
    48  3. Authentication is done at the gRPC/HTTP ingress boundaries.
    49  
    50  4. Authorization is done at the API boundary. Individual clusters do not perform
    51  authorization checks, instead relying on the calling API method to perform that
    52  check before calling into the cluster.
    53  
    54  5. Being unauthorized for an <action, resource> for a cluster does not fail the
    55  overall request. Instead, the action is simply not taken in that cluster, and is
    56  still taken in other clusters for which the actor is authorized.
    57  */
    58  package rbac
    59  
// Action is an enum representing the possible actions that can be taken. Not
// every resource supports every possible action.
//
// Permissions are additive (see the package doc): an action that no rule grants
// is never permitted, so adding a new Action here grants nothing on its own
// until rules for it exist.
//
// NOTE(review): the underlying string value looks like the spelling rules use
// to name the action — confirm against the rule parser. If so, renaming a value
// is a breaking change for existing rbac configs.
type Action string

// Action definitions.
const (
	/* generic actions */

	// Actions shared by more than one resource type. Which resources actually
	// accept a given action is enforced by the API methods that perform the
	// authorization check, not by this enum.

	CreateAction Action = "create"
	DeleteAction Action = "delete"
	GetAction    Action = "get"
	PingAction   Action = "ping"
	PutAction    Action = "put"
	ReloadAction Action = "reload"

	/* shard-specific actions */

	// These change which tablet serves as the shard's primary; they are
	// listed separately from the generic actions so that a rule granting
	// PutAction on a shard does not also grant a failover.

	EmergencyFailoverShardAction   Action = "emergency_failover_shard"
	PlannedFailoverShardAction     Action = "planned_failover_shard"
	TabletExternallyPromotedAction Action = "tablet_externally_promoted" // NOTE: even though "tablet" is in the name, this actually operates on the tablet's shard.

	/* tablet-specific actions */

	// Per-tablet operational controls, kept distinct from the generic actions
	// for the same reason as the shard-specific ones above.

	ManageTabletReplicationAction        Action = "manage_tablet_replication" // Start/Stop Replication
	ManageTabletWritabilityAction        Action = "manage_tablet_writability" // SetRead{Only,Write}
	RefreshTabletReplicationSourceAction Action = "refresh_tablet_replication_source"
)
    87  
// Resource is an enum representing all resources managed by vtadmin.
//
// The authorizer keeps a separate ruleset per resource type (see the package
// doc), so each constant below is an independent authorization scope: a rule
// written for one Resource does not extend to another, even when the names are
// related (e.g. ShardResource vs. ShardReplicationPositionResource).
//
// NOTE(review): as with Action, the string value is presumably what rbac config
// rules match on — confirm against the rule parser before renaming any value.
type Resource string

// Resource definitions.
const (
	// Top-level scopes: the cluster as a whole and its topology service.
	ClusterResource  Resource = "Cluster"
	TopologyResource Resource = "Topology"

	/* generic topo resources */

	// Objects stored in or discovered through the topology service.

	CellInfoResource   Resource = "CellInfo"
	CellsAliasResource Resource = "CellsAlias"
	KeyspaceResource   Resource = "Keyspace"
	ShardResource      Resource = "Shard"
	TabletResource     Resource = "Tablet"
	VTGateResource     Resource = "VTGate"
	VtctldResource     Resource = "Vtctld"

	/* vschema resources */

	SrvVSchemaResource Resource = "SrvVSchema"
	VSchemaResource    Resource = "VSchema"

	/* misc resources */

	// Read-mostly views and operations that do not map onto a single topo
	// object and therefore get their own authorization scope.

	BackupResource                   Resource = "Backup"
	SchemaResource                   Resource = "Schema"
	ShardReplicationPositionResource Resource = "ShardReplicationPosition" // distinct from ShardResource; a Shard rule does not cover it
	WorkflowResource                 Resource = "Workflow"

	VTExplainResource Resource = "VTExplain"

	TabletFullStatusResource Resource = "TabletFullStatus" // distinct from TabletResource; a Tablet rule does not cover it
)