Documentation ¶
Index ¶
- func NewAuditLogger(client AuthorizationInterface) ladon.AuditLogger
- func NewPolicyManager(client AuthorizationInterface) ladon.Manager
- type AuthorizationInterface
- type Authorizer
- type LadonLogger
- type PolicyManager
- func (p *PolicyManager) Create(ladon.Policy) error
- func (p *PolicyManager) Delete(id string) error
- func (p *PolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)
- func (p *PolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)
- func (p *PolicyManager) FindRequestCandidates(r *ladon.Request) (ladon.Policies, error)
- func (p *PolicyManager) Get(id string) (ladon.Policy, error)
- func (p *PolicyManager) GetAll(limit, offset int64) (ladon.Policies, error)
- func (p *PolicyManager) Update(ladon.Policy) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAuditLogger ¶
func NewAuditLogger(client AuthorizationInterface) ladon.AuditLogger
func NewPolicyManager ¶
func NewPolicyManager(client AuthorizationInterface) ladon.Manager
FindRequestCandidates obtains the policies to validate from the request; later, when ladon.IsAllowed performs the validation, it needs to check whether such policies exist.
Types ¶
type AuthorizationInterface ¶
type AuthorizationInterface interface {
	Create(*ladon.DefaultPolicy) error // create a policy
	Update(*ladon.DefaultPolicy) error // update a policy
	Delete(id string) error // delete a policy by id
	DeleteCollection(idList []string) error // delete several policies --> obtained via gRPC
	Get(id string) (*ladon.DefaultPolicy, error) // get a policy by id
	List(username string) ([]*ladon.DefaultPolicy, error) // get several policies, i.e. all policies for the user from the cache

	// Authorization-related logging functions

	// Log a rejected access request; defined this way because ladon requires it
	LogRejectedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
	// Log a granted access request (successful-authorization log); it can be written to MySQL or Redis (how success logs are handled is up to the implementation)
	LogGrantedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
}
This is the service layer.
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
The authorizer; it is what external callers use.
func NewAuthorizer ¶
func NewAuthorizer(authorizationClient AuthorizationInterface) *Authorizer
Initializes the authorizer from the authorization-related interface. Note that the real purpose of authorizationClient is to fetch policies (from the cache).
type LadonLogger ¶
type LadonLogger struct {
// contains filtered or unexported fields
}
func (*LadonLogger) LogGrantedAccessRequest ¶
func (*LadonLogger) LogRejectedAccessRequest ¶
func (l *LadonLogger) LogRejectedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
To reduce request latency, LogRejectedAccessRequest and LogGrantedAccessRequest store the authorization records in Redis; the iam-pump process later reads them from Redis and persists the authorization records in MongoDB.
type PolicyManager ¶
type PolicyManager struct {
// contains filtered or unexported fields
}
Policy management. Because NewPolicyManager returns a ladon.Manager, this type must implement the Manager interface.
func (*PolicyManager) Create ¶
func (p *PolicyManager) Create(ladon.Policy) error
Because policies are created through the frontend or the API (API_Server), nothing needs to be done here.
func (*PolicyManager) Delete ¶
func (p *PolicyManager) Delete(id string) error
func (*PolicyManager) FindPoliciesForResource ¶
func (p *PolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)
func (*PolicyManager) FindPoliciesForSubject ¶
func (p *PolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)
func (*PolicyManager) FindRequestCandidates ¶
func (p *PolicyManager) FindRequestCandidates(r *ladon.Request) (ladon.Policies, error)
Reads the username from the context of r, obtains the policies that user holds from MySQL, and returns all of those policies.
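The flow described on this page, candidate lookup by the username carried in the request context, a ladon-style decision over those candidates, and the granted/rejected audit records being buffered for a pump process, as an added example that is not this package's code. It uses self-contained stand-in types (Policy, Request, policyStore, auditQueue) modelled on the signatures above rather than importing ory/ladon, so the deny-overrides-allow semantics and the "username" context key are assumptions of the example, not guarantees of the real library.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins for the ladon types in the signatures above (constructed here; not the ory/ladon definitions).
type Policy struct {
	ID, Effect                   string // Effect is "allow" or "deny"
	Subjects, Resources, Actions []string
}

type Request struct {
	Subject, Resource, Action string
	Context                   map[string]interface{}
}

// policyStore stands in for the client's List(username), which the page says serves policies from a cache.
type policyStore struct{ byUser map[string][]Policy }

func (s *policyStore) List(username string) ([]Policy, error) {
	ps, ok := s.byUser[username]
	if !ok {
		return nil, fmt.Errorf("no policies cached for user %q", username)
	}
	return ps, nil
}

// findRequestCandidates follows the page's description: username from the request context, then that user's policies.
func findRequestCandidates(s *policyStore, r *Request) ([]Policy, error) {
	username, ok := r.Context["username"].(string)
	if !ok || username == "" {
		return nil, errors.New("request context carries no username")
	}
	return s.List(username)
}

// auditQueue stands in for the Redis buffer the logger writes to; the pump process would persist Entries to MongoDB.
type auditQueue struct{ Entries []string }

func (q *auditQueue) record(verdict string, r *Request, deciders []Policy) {
	q.Entries = append(q.Entries, fmt.Sprintf("%s subject=%s action=%s resource=%s deciders=%d",
		verdict, r.Subject, r.Action, r.Resource, len(deciders)))
}

func (q *auditQueue) LogGrantedAccessRequest(r *Request, pool, deciders []Policy) {
	q.record("granted", r, deciders)
}

func (q *auditQueue) LogRejectedAccessRequest(r *Request, pool, deciders []Policy) {
	q.record("rejected", r, deciders)
}

func matchAny(patterns []string, value string) bool {
	for _, p := range patterns {
		if p == "*" || p == value {
			return true
		}
	}
	return false
}

// isAllowed evaluates the candidates with ladon-style semantics: a matching deny
// overrides any allow, and a request matched by no policy is rejected.
func isAllowed(s *policyStore, q *auditQueue, r *Request) (bool, error) {
	pool, err := findRequestCandidates(s, r)
	if err != nil {
		return false, err
	}
	deciders, denied := []Policy{}, false
	for _, p := range pool {
		if matchAny(p.Subjects, r.Subject) && matchAny(p.Resources, r.Resource) && matchAny(p.Actions, r.Action) {
			deciders = append(deciders, p)
			denied = denied || p.Effect == "deny"
		}
	}
	if denied || len(deciders) == 0 {
		q.LogRejectedAccessRequest(r, pool, deciders)
		return false, nil
	}
	q.LogGrantedAccessRequest(r, pool, deciders)
	return true, nil
}

// newSampleStore holds constructed data: "alice" may get anything except "secrets", which a deny policy blocks.
func newSampleStore() *policyStore {
	return &policyStore{byUser: map[string][]Policy{"alice": {
		{ID: "allow-get", Effect: "allow", Subjects: []string{"alice"}, Resources: []string{"*"}, Actions: []string{"get"}},
		{ID: "deny-secrets", Effect: "deny", Subjects: []string{"alice"}, Resources: []string{"secrets"}, Actions: []string{"*"}},
	}}}
}

func main() {
	store, q := newSampleStore(), &auditQueue{}
	ok, err := isAllowed(store, q, &Request{Subject: "alice", Resource: "secrets", Action: "get", Context: map[string]interface{}{"username": "alice"}})
	fmt.Println(ok, err, q.Entries)
}
```

Two points worth noticing: a request whose context lacks the username fails closed with an error before any policy is consulted, and every decision, granted or rejected, lands in the audit buffer, so the pump sees the full record rather than only the successes.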