security

package

v0.3.0 Latest Latest Go to latest Published: Apr 18, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aliyun/aliyun-odps-go-sdk

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AuthQueryInstance
- func (ai *AuthQueryInstance) WaitForSuccess() (string, error)
type Config
- func NewSecurityConfig(restClient restclient.RestClient, withoutExceptionPolicy bool, ...) Config
- func (sc *Config) BeLoaded() bool
- func (sc *Config) CheckDownloadPrivilege() bool
- func (sc *Config) CheckPermissionUsingAcl() bool
- func (sc *Config) CheckPermissionUsingAclV2() bool
- func (sc *Config) CheckPermissionUsingPackage() bool
- func (sc *Config) CheckPermissionUsingPackageV2() bool
- func (sc *Config) CheckPermissionUsingPolicy() bool
- func (sc *Config) CreatePackage() bool
- func (sc *Config) CreatePackageV2() bool
- func (sc *Config) DisableCheckPermissionUsingAcl()
- func (sc *Config) DisableCheckPermissionUsingPolicy()
- func (sc *Config) DisableDownloadPrivilege()
- func (sc *Config) DisableLabelSecurity()
- func (sc *Config) DisableObjectCreatorHasAccessPermission()
- func (sc *Config) DisableObjectCreatorHasGrantPermission()
- func (sc *Config) DisableProjectProtection()
- func (sc *Config) EnableCheckPermissionUsingAcl()
- func (sc *Config) EnableCheckPermissionUsingPolicy()
- func (sc *Config) EnableDownloadPrivilege()
- func (sc *Config) EnableLabelSecurity()
- func (sc *Config) EnableObjectCreatorHasAccessPermission()
- func (sc *Config) EnableObjectCreatorHasGrantPermission()
- func (sc *Config) EnableProjectProtection()
- func (sc *Config) EnableProjectProtectionWithExceptionPolicy(exceptionPolicy string)
- func (sc *Config) GetAuthorizationVersion() string
- func (sc *Config) GetGrammarVersion() string
- func (sc *Config) LabelSecurity() bool
- func (sc *Config) Load() error
- func (sc *Config) ObjectCreatorHasAccessPermission() bool
- func (sc *Config) ObjectCreatorHasGrantPermission() bool
- func (sc *Config) ProjectProtection() bool
- func (sc *Config) ProjectProtectionExceptionPolicy() string
- func (sc *Config) SupportAcl() bool
- func (sc *Config) SupportAclV2() bool
- func (sc *Config) SupportPackage() bool
- func (sc *Config) SupportPackageV2() bool
- func (sc *Config) SupportPolicy() bool
- func (sc *Config) Update(supervisionToken string) error
type Manager
- func NewSecurityManager(restClient restclient.RestClient, projectName string) Manager
- func (sm *Manager) CheckPermissionV0(objectType PermissionObjectType, objectName string, ...) (*PermissionCheckResult, error)
- func (sm *Manager) CheckPermissionV1(p Permission) (*PermissionCheckResult, error)
- func (sm *Manager) GenerateAuthorizationToken(policy string) (string, error)
- func (sm *Manager) GetPolicy() ([]byte, error)
- func (sm *Manager) GetRolePolicy(roleName string) ([]byte, error)
- func (sm *Manager) GetSecurityConfig(withoutExceptionPolicy bool) (Config, error)
- func (sm *Manager) GetSecurityPolicy() ([]byte, error)
- func (sm *Manager) ListRoles() ([]Role, error)
- func (sm *Manager) ListRolesForUserWithId(userId, _type string) ([]Role, error)
- func (sm *Manager) ListRolesForUserWithName(userName string) ([]Role, error)
- func (sm *Manager) ListUsers() ([]User, error)
- func (sm *Manager) ListUsersForRole(roleName string) ([]User, error)
- func (sm *Manager) Run(query string, jsonOutput bool, supervisionToken string) (*AuthQueryInstance, error)
- func (sm *Manager) RunQuery(query string, jsonOutput bool, supervisionToken string) (string, error)
- func (sm *Manager) SetPolicy(policy string) error
- func (sm *Manager) SetRolePolicy(roleName, policy string) error
- func (sm *Manager) SetSecurityConfig(config Config, supervisionToken string) error
- func (sm *Manager) SetSecurityPolicy(policy string) error
type Permission
- func NewPermission(projectName string, objectType PermissionObjectType, objectName string, ...) Permission
- func (perm Permission) MarshalJSON() ([]byte, error)
- func (perm *Permission) Resource() string
- func (perm *Permission) SetColumns(columns []string)
type PermissionActionType
- func (p PermissionActionType) String() string
type PermissionCheckResult
type PermissionEffect
- func (p PermissionEffect) String() string
type PermissionObjectType
- func (p PermissionObjectType) String() string
type Role
- func NewRole(name string, restClient restclient.RestClient, projectName string) Role
- func (role *Role) Comment() string
- func (role *Role) Load() error
- func (role *Role) Name() string
type User
- func NewUser(userId string, restClient restclient.RestClient, projectName string) User
- func (user *User) Comment() string
- func (user *User) DisplayName() string
- func (user *User) ID() string
- func (user *User) Load() error

Constants ¶

View Source

const (
	TerminatedStatus = "Terminated"
	FailedStatus     = "Failed"
	RunningStatus    = "Running"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthQueryInstance ¶ added in v0.2.2

type AuthQueryInstance struct {
	// contains filtered or unexported fields
}

func (*AuthQueryInstance) WaitForSuccess ¶ added in v0.2.2

func (ai *AuthQueryInstance) WaitForSuccess() (string, error)

type Config ¶

type Config struct {
	// contains filtered or unexported fields
}

func NewSecurityConfig ¶

func NewSecurityConfig(restClient restclient.RestClient, withoutExceptionPolicy bool, projectName string) Config

NewSecurityConfig withoutExceptionPolicy一般为false

func (*Config) BeLoaded ¶

func (sc *Config) BeLoaded() bool

func (*Config) CheckDownloadPrivilege ¶

func (sc *Config) CheckDownloadPrivilege() bool

func (*Config) CheckPermissionUsingAcl ¶

func (sc *Config) CheckPermissionUsingAcl() bool

func (*Config) CheckPermissionUsingAclV2 ¶

func (sc *Config) CheckPermissionUsingAclV2() bool

func (*Config) CheckPermissionUsingPackage ¶

func (sc *Config) CheckPermissionUsingPackage() bool

func (*Config) CheckPermissionUsingPackageV2 ¶

func (sc *Config) CheckPermissionUsingPackageV2() bool

func (*Config) CheckPermissionUsingPolicy ¶

func (sc *Config) CheckPermissionUsingPolicy() bool

func (*Config) CreatePackage ¶

func (sc *Config) CreatePackage() bool

func (*Config) CreatePackageV2 ¶

func (sc *Config) CreatePackageV2() bool

func (*Config) DisableCheckPermissionUsingAcl ¶

func (sc *Config) DisableCheckPermissionUsingAcl()

func (*Config) DisableCheckPermissionUsingPolicy ¶

func (sc *Config) DisableCheckPermissionUsingPolicy()

func (*Config) DisableDownloadPrivilege ¶

func (sc *Config) DisableDownloadPrivilege()

DisableDownloadPrivilege If project setting DOWNLOAD_PRIV_ENFORCED is enabled, download privilege cannot be set to false via odps sdk

func (*Config) DisableLabelSecurity ¶

func (sc *Config) DisableLabelSecurity()

func (*Config) DisableObjectCreatorHasAccessPermission ¶

func (sc *Config) DisableObjectCreatorHasAccessPermission()

func (*Config) DisableObjectCreatorHasGrantPermission ¶

func (sc *Config) DisableObjectCreatorHasGrantPermission()

func (*Config) DisableProjectProtection ¶

func (sc *Config) DisableProjectProtection()

func (*Config) EnableCheckPermissionUsingAcl ¶

func (sc *Config) EnableCheckPermissionUsingAcl()

func (*Config) EnableCheckPermissionUsingPolicy ¶

func (sc *Config) EnableCheckPermissionUsingPolicy()

func (*Config) EnableDownloadPrivilege ¶

func (sc *Config) EnableDownloadPrivilege()

func (*Config) EnableLabelSecurity ¶

func (sc *Config) EnableLabelSecurity()

func (*Config) EnableObjectCreatorHasAccessPermission ¶

func (sc *Config) EnableObjectCreatorHasAccessPermission()

func (*Config) EnableObjectCreatorHasGrantPermission ¶

func (sc *Config) EnableObjectCreatorHasGrantPermission()

func (*Config) EnableProjectProtection ¶

func (sc *Config) EnableProjectProtection()

func (*Config) EnableProjectProtectionWithExceptionPolicy ¶

func (sc *Config) EnableProjectProtectionWithExceptionPolicy(exceptionPolicy string)

func (*Config) GetAuthorizationVersion ¶

func (sc *Config) GetAuthorizationVersion() string

func (*Config) GetGrammarVersion ¶

func (sc *Config) GetGrammarVersion() string

func (*Config) LabelSecurity ¶

func (sc *Config) LabelSecurity() bool

func (*Config) Load ¶

func (sc *Config) Load() error

func (*Config) ObjectCreatorHasAccessPermission ¶

func (sc *Config) ObjectCreatorHasAccessPermission() bool

func (*Config) ObjectCreatorHasGrantPermission ¶

func (sc *Config) ObjectCreatorHasGrantPermission() bool

func (*Config) ProjectProtection ¶

func (sc *Config) ProjectProtection() bool

func (*Config) ProjectProtectionExceptionPolicy ¶

func (sc *Config) ProjectProtectionExceptionPolicy() string

func (*Config) SupportAcl ¶

func (sc *Config) SupportAcl() bool

func (*Config) SupportAclV2 ¶

func (sc *Config) SupportAclV2() bool

func (*Config) SupportPackage ¶

func (sc *Config) SupportPackage() bool

func (*Config) SupportPackageV2 ¶

func (sc *Config) SupportPackageV2() bool

func (*Config) SupportPolicy ¶

func (sc *Config) SupportPolicy() bool

func (*Config) Update ¶

func (sc *Config) Update(supervisionToken string) error

type Manager ¶

type Manager struct {
	// contains filtered or unexported fields
}

func NewSecurityManager ¶

func NewSecurityManager(restClient restclient.RestClient, projectName string) Manager

func (*Manager) CheckPermissionV0 ¶

func (sm *Manager) CheckPermissionV0(
	objectType PermissionObjectType,
	objectName string,
	actionType PermissionActionType,
	columns []string,
) (*PermissionCheckResult, error)

Example ¶

package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")

	r, err := sm.CheckPermissionV0(
		security.ObjectTypeTable,
		"sale_detail",
		security.ActionTypeAll,
		nil,
	)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(fmt.Sprintf("%v", r))
}

Output:

func (*Manager) CheckPermissionV1 ¶

func (sm *Manager) CheckPermissionV1(p Permission) (*PermissionCheckResult, error)

Example ¶

package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	p := security.NewPermission(
		"project_1",
		security.ObjectTypeTable,
		"sale_detail",
		security.ActionTypeAll,
	)
	p.Params["User"] = "Aliyun$odpstest1@aliyun.com;"

	r, err := sm.CheckPermissionV1(p)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(fmt.Sprintf("%v", r))
}

Output:

func (*Manager) GenerateAuthorizationToken ¶

func (sm *Manager) GenerateAuthorizationToken(policy string) (string, error)

func (*Manager) GetPolicy ¶

func (sm *Manager) GetPolicy() ([]byte, error)

Example ¶

package main

import (
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	policy, err := sm.GetPolicy()
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(policy)
}

Output:

func (*Manager) GetRolePolicy ¶

func (sm *Manager) GetRolePolicy(roleName string) ([]byte, error)

func (*Manager) GetSecurityConfig ¶

func (sm *Manager) GetSecurityConfig(withoutExceptionPolicy bool) (Config, error)

Example ¶

package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	sc, err := sm.GetSecurityConfig(true)
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(fmt.Sprintf("%+v", sc))

}

Output:

func (*Manager) GetSecurityPolicy ¶

func (sm *Manager) GetSecurityPolicy() ([]byte, error)

func (*Manager) ListRoles ¶

func (sm *Manager) ListRoles() ([]Role, error)

func (*Manager) ListRolesForUserWithId ¶

func (sm *Manager) ListRolesForUserWithId(userId, _type string) ([]Role, error)

func (*Manager) ListRolesForUserWithName ¶

func (sm *Manager) ListRolesForUserWithName(userName string) ([]Role, error)

func (*Manager) ListUsers ¶

func (sm *Manager) ListUsers() ([]User, error)

Example ¶

package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	users, err := sm.ListUsers()
	if err != nil {
		log.Fatalf("%+v", err)
	}

	for _, user := range users {
		println(fmt.Sprintf("id=%s, name=%s", user.ID(), user.DisplayName()))
	}

}

Output:

func (*Manager) ListUsersForRole ¶

func (sm *Manager) ListUsersForRole(roleName string) ([]User, error)

func (*Manager) Run ¶ added in v0.2.2

func (sm *Manager) Run(query string, jsonOutput bool, supervisionToken string) (*AuthQueryInstance, error)

func (*Manager) RunQuery ¶

func (sm *Manager) RunQuery(query string, jsonOutput bool, supervisionToken string) (string, error)

Example ¶

package main

import (
	"fmt"
	account2 "github.com/aliyun/aliyun-odps-go-sdk/odps/account"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/restclient"
	"github.com/aliyun/aliyun-odps-go-sdk/odps/security"
	"log"
)

var account = account2.AliyunAccountFromEnv()
var endpoint = restclient.LoadEndpointFromEnv()
var restClient = restclient.NewOdpsRestClient(account, endpoint)

func main() {
	sm := security.NewSecurityManager(restClient, "project_1")
	result, err := sm.RunQuery("show grants for aliyun$odpstest1@aliyun.com;", true, "")
	if err != nil {
		log.Fatalf("%+v", err)
	}

	println(fmt.Sprintf("ok: %s", result))

}

Output:

func (*Manager) SetPolicy ¶

func (sm *Manager) SetPolicy(policy string) error

func (*Manager) SetRolePolicy ¶

func (sm *Manager) SetRolePolicy(roleName, policy string) error

func (*Manager) SetSecurityConfig ¶

func (sm *Manager) SetSecurityConfig(config Config, supervisionToken string) error

func (*Manager) SetSecurityPolicy ¶

func (sm *Manager) SetSecurityPolicy(policy string) error

type Permission ¶

type Permission struct {
	ProjectName string
	ObjectType  PermissionObjectType
	ObjectName  string
	ActionType  PermissionActionType
	Params      map[string]string
}

func NewPermission ¶

func NewPermission(
	projectName string,
	objectType PermissionObjectType,
	objectName string,
	actionType PermissionActionType) Permission

func (Permission) MarshalJSON ¶

func (perm Permission) MarshalJSON() ([]byte, error)

func (*Permission) Resource ¶

func (perm *Permission) Resource() string

func (*Permission) SetColumns ¶

func (perm *Permission) SetColumns(columns []string)

type PermissionActionType ¶

type PermissionActionType int

const (
	ActionTypeRead PermissionActionType
	ActionTypeWrite
	ActionTypeList
	ActionTypeCreateTable
	ActionTypeCreateInstance
	ActionTypeCreateFunction
	ActionTypeCreateResource
	ActionTypeAll
	ActionTypeDescribe
	ActionTypeSelect
	ActionTypeAlter
	ActionTypeUpdate
	ActionTypeDrop
	ActionTypeExecute
	ActionTypeDelete
	ActionTypeDownload
)

func (PermissionActionType) String ¶

func (p PermissionActionType) String() string

type PermissionCheckResult ¶

type PermissionCheckResult struct {
	Result  string
	Message string
}

type PermissionEffect ¶

type PermissionEffect int

const (
	EffectAllow PermissionEffect
	EffectDeny
)

func (PermissionEffect) String ¶

func (p PermissionEffect) String() string

type PermissionObjectType ¶

type PermissionObjectType int

const (
	ObjectTypeProject PermissionObjectType
	ObjectTypeTable
	ObjectTypeFunction
	ObjectTypeResource
	ObjectTypeInstance
)

func (PermissionObjectType) String ¶

func (p PermissionObjectType) String() string

type Role ¶

type Role struct {
	// contains filtered or unexported fields
}

func NewRole ¶

func NewRole(name string, restClient restclient.RestClient, projectName string) Role

func (*Role) Comment ¶

func (role *Role) Comment() string

func (*Role) Load ¶

func (role *Role) Load() error

func (*Role) Name ¶

func (role *Role) Name() string

type User ¶

type User struct {
	// contains filtered or unexported fields
}

func NewUser ¶

func NewUser(userId string, restClient restclient.RestClient, projectName string) User

func (*User) Comment ¶

func (user *User) Comment() string

func (*User) DisplayName ¶

func (user *User) DisplayName() string

func (*User) ID ¶

func (user *User) ID() string

func (*User) Load ¶

func (user *User) Load() error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL