README
¶
Overview
iam-go-sdk 是蓝鲸权限中心(BK-IAM)提供的用于快速接入权限体系的go SDK
Features
- 鉴权支持: IsAllowed / IsAllowedWithCache
- 单个操作批量资源鉴权: BatchIsAllowed
- 单个资源批量操作鉴权: ResourceMultiActionsAllowed
- 批量资源批量操作鉴权: BatchResourceMultiActionsAllowed
- 生成无权限申请URL: GetApplyURL
- 生成无权限协议json: GenPermissionApplyData
- 资源反向拉取接口basic auth鉴权: IsBasicAuthAllowed / 以及basic auth middleware
- 获取系统Token: GetToken
- 支持prometheus统计接口调用信息
- 支持反向拉取框架 dispatcher/provider interface
Getting started
Installation
$ go get -u github.com/TencentBlueKing/iam-go-sdk
Usage
Benchmark
$ make bench
BenchmarkExprCellEqual-12 6156810 193 ns/op 32 B/op 1 allocs/op
BenchmarkExprCellNotEqual-12 6286323 190 ns/op 32 B/op 1 allocs/op
BenchmarkExprCellLess-12 8583621 142 ns/op 32 B/op 1 allocs/op
BenchmarkExprCellStartsWith-12 9665572 126 ns/op 32 B/op 1 allocs/op
BenchmarkExprCellIn-12 2872075 411 ns/op 64 B/op 3 allocs/op
Roadmap
Support
- 蓝鲸论坛
- 蓝鲸 DevOps 在线视频教程
- 联系我们,技术交流QQ群:
BlueKing Community
- BK-CI:蓝鲸持续集成平台是一个开源的持续集成和持续交付系统,可以轻松将你的研发流程呈现到你面前。
- BK-BCS:蓝鲸容器管理平台是以容器技术为基础,为微服务业务提供编排管理的基础服务平台。
- BK-BCS-SaaS:蓝鲸容器管理平台SaaS基于原生Kubernetes和Mesos自研的两种模式,提供给用户高度可扩展、灵活易用的容器产品服务。
- BK-PaaS:蓝鲸PaaS平台是一个开放式的开发平台,让开发者可以方便快捷地创建、开发、部署和管理SaaS应用。
- BK-SOPS:标准运维(SOPS)是通过可视化的图形界面进行任务流程编排和执行的系统,是蓝鲸体系中一款轻量级的调度编排类SaaS产品。
- BK-CMDB:蓝鲸配置平台是一个面向资产及应用的企业级配置管理平台。
Contributing
如果你有好的意见或建议,欢迎给我们提 Issues 或 Pull Requests,为蓝鲸开源社区贡献力量。
License
基于 MIT 协议, 详细请参考LICENSE
Documentation
¶
Index ¶
- Constants
- func NewObjectSet(resources Resources) expression.ObjectSetInterface
- type Action
- type ActionPolicy
- type Application
- type ApplicationAction
- type ApplicationActionForApply
- type ApplicationActionListForApply
- type ApplicationRelatedResourceType
- type ApplicationRelatedResourceTypeWithName
- type ApplicationResourceInstance
- type ApplicationResourceInstanceWithName
- type ApplicationResourceNode
- type ApplicationResourceNodeWithName
- type H
- type IAM
- func (i *IAM) BatchIsAllowed(request Request, resourcesList []Resources) (result map[string]bool, err error)
- func (i *IAM) BatchResourceMultiActionsAllowed(request MultiActionRequest, resourcesList []Resources) (results map[string]map[string]bool, err error)
- func (i *IAM) GenPermissionApplyData(a ApplicationActionListForApply) (data H, err error)
- func (i *IAM) GetApplyURL(application Application, bkToken string, bkUsername string) (url string, err error)
- func (i *IAM) GetToken() (token string, err error)
- func (i *IAM) IsAllowed(request Request) (allowed bool, err error)
- func (i *IAM) IsAllowedWithCache(request Request, ttl time.Duration) (allowed bool, err error)
- func (i *IAM) IsBasicAuthAllowed(username, password string) (err error)
- func (i *IAM) ResourceMultiActionsAllowed(request MultiActionRequest) (result map[string]bool, err error)
- type MultiActionRequest
- type Request
- type ResourceNode
- type Resources
- type Subject
Constants ¶
const Version = "v0.0.4"
Variables ¶
This section is empty.
Functions ¶
func NewObjectSet ¶
func NewObjectSet(resources Resources) expression.ObjectSetInterface
NewObjectSet create an ObjectSet from resources
Types ¶
type Action ¶
type Action struct {
ID string `json:"id" binding:"required"`
}
Action is the action of permission
type ActionPolicy ¶
type ActionPolicy struct {
Action Action `json:"action"`
Condition expression.ExprCell `json:"condition"`
}
ActionPolicy is the response struct
type Application ¶
type Application struct {
SystemID string `json:"system_id"`
Actions []ApplicationAction `json:"actions"`
}
Application is the application for permission
func NewApplication ¶
func NewApplication(system string, actions []ApplicationAction) Application
NewApplication will create the application
func (*Application) Validate ¶
func (a *Application) Validate() error
Validate will check if the application is valid
type ApplicationAction ¶
type ApplicationAction struct {
ID string `json:"id"`
RelatedResourceTypes []ApplicationRelatedResourceType `json:"related_resource_types"`
}
ApplicationAction is the action for application
func NewApplicationAction ¶
func NewApplicationAction(id string, rrt []ApplicationRelatedResourceType) ApplicationAction
NewApplicationAction will create the application action
func (*ApplicationAction) Validate ¶
func (aa *ApplicationAction) Validate() error
Validate will check if the application action is valid
type ApplicationActionForApply ¶
type ApplicationActionForApply struct {
ID string `json:"id" binding:"required"`
Name string `json:"name" binding:"required"`
RelatedResourceTypes []ApplicationRelatedResourceTypeWithName `json:"related_resource_types"`
}
ApplicationActionForApply is the action for apply
type ApplicationActionListForApply ¶
type ApplicationActionListForApply struct {
SystemID string `json:"system_id" binding:"required"`
SystemName string `json:"system_name" binding:"required"`
Actions []ApplicationActionForApply `json:"actions" binding:"required"`
}
ApplicationActionListForApply is the action list for apply
type ApplicationRelatedResourceType ¶
type ApplicationRelatedResourceType struct {
SystemID string `json:"system_id"`
Type string `json:"type"`
Instances []ApplicationResourceInstance `json:"instances"`
}
ApplicationRelatedResourceType is the related resource type for application
func (*ApplicationRelatedResourceType) Validate ¶
func (arr *ApplicationRelatedResourceType) Validate() error
Validate will check if the application related resource type is valid
type ApplicationRelatedResourceTypeWithName ¶
type ApplicationRelatedResourceTypeWithName struct {
SystemID string `json:"system_id" binding:"required"`
SystemName string `json:"system_name" binding:"required"`
Type string `json:"type" binding:"required"`
TypeName string `json:"type_name" binding:"required"`
Instances []ApplicationResourceInstanceWithName `json:"instances" binding:"required"`
}
ApplicationRelatedResourceTypeWithName is the related resource type with names
type ApplicationResourceInstance ¶
type ApplicationResourceInstance []ApplicationResourceNode
ApplicationResourceInstance is the resource instance for application
type ApplicationResourceInstanceWithName ¶
type ApplicationResourceInstanceWithName []ApplicationResourceNodeWithName
ApplicationResourceInstanceWithName is the resource instance for application, which with the names of each field
type ApplicationResourceNode ¶
type ApplicationResourceNode struct {
Type string `json:"type" binding:"required"`
ID string `json:"id" binding:"required"`
}
ApplicationResourceNode is the resourc node struct for application
type ApplicationResourceNodeWithName ¶
type ApplicationResourceNodeWithName struct {
Type string `json:"type" binding:"required"`
TypeName string `json:"type_name" binding:"required"`
ID string `json:"id" binding:"required"`
Name string `json:"name" binding:"required"`
}
ApplicationResourceNodeWithName is the resourc node struct for application, which with the names of each field
type IAM ¶
type IAM struct {
// contains filtered or unexported fields
}
IAM is the instance of iam sdk
func (*IAM) BatchIsAllowed ¶
func (i *IAM) BatchIsAllowed(request Request, resourcesList []Resources) (result map[string]bool, err error)
BatchIsAllowed will batch check the permission for resources lists
func (*IAM) BatchResourceMultiActionsAllowed ¶
func (i *IAM) BatchResourceMultiActionsAllowed( request MultiActionRequest, resourcesList []Resources, ) (results map[string]map[string]bool, err error)
BatchResourceMultiActionsAllowed will check the permissions of batch-resource with multi-actions
func (*IAM) GenPermissionApplyData ¶
func (i *IAM) GenPermissionApplyData(a ApplicationActionListForApply) (data H, err error)
GenPermissionApplyData will generate the apply data
func (*IAM) GetApplyURL ¶
func (i *IAM) GetApplyURL(application Application, bkToken string, bkUsername string) (url string, err error)
GetApplyURL will generate the application URL
func (*IAM) IsAllowedWithCache ¶
IsAllowedWithCache will check if the permission is allowed, will cache with ttl
func (*IAM) IsBasicAuthAllowed ¶
IsBasicAuthAllowed will check basic auth of callback request
func (*IAM) ResourceMultiActionsAllowed ¶
func (i *IAM) ResourceMultiActionsAllowed(request MultiActionRequest) (result map[string]bool, err error)
ResourceMultiActionsAllowed will check the permission of one-resource with multi-actions
type MultiActionRequest ¶
type MultiActionRequest struct {
System string `json:"system" binding:"required"`
Subject Subject `json:"subject" binding:"required"`
Actions []Action `json:"actions" binding:"required"`
Resources Resources `json:"resources" binding:"omitempty"`
}
MultiActionRequest is the request object for Multi Actions Request
func NewMultiActionRequest ¶
func NewMultiActionRequest( system string, subject Subject, actions []Action, resources []ResourceNode, ) MultiActionRequest
NewMultiActionRequest create a request
func (*MultiActionRequest) Validate ¶
func (mar *MultiActionRequest) Validate() error
Validate will check if the request is valid
type Request ¶
type Request struct {
System string `json:"system" binding:"required"`
Subject Subject `json:"subject" binding:"required"`
Action Action `json:"action" binding:"required"`
Resources Resources `json:"resources" binding:"omitempty"`
}
Request is the policy query request body
func NewRequest ¶
func NewRequest(system string, subject Subject, action Action, resources []ResourceNode) Request
NewRequest create a new request for policy query
func (*Request) GenObjectSet ¶
func (r *Request) GenObjectSet() expression.ObjectSetInterface
GenObjectSet create an ObjectSet from the resources of request
type ResourceNode ¶
type ResourceNode struct {
System string `json:"system" binding:"required"`
Type string `json:"type" binding:"required"`
ID string `json:"id" binding:"required"`
Attribute map[string]interface{} `json:"attribute" binding:"required"`
}
ResourceNode is the mini unit of a resource
func NewResourceNode ¶
func NewResourceNode(system, _type, id string, attrs map[string]interface{}) ResourceNode
NewResourceNode create a resrouce node
Source Files
Directories