auth

package
v0.0.0-...-be0592b Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 31, 2019 License: GPL-3.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// NoAuthorizeError is a package-level sentinel error whose message is
// "no authorize".
// NOTE(review): presumably returned when a request is not authorized; which
// functions return it is not visible here. Compare with errors.Is rather than
// by matching the message text.
var NoAuthorizeError = errors.New("no authorize")

Functions

This section is empty.

Types

type Authorize

// Authorize combines the two halves of the auth center contract: the
// permission queries of Authorizer and the resource registration calls of
// ResourceHandler. NewAuthorize returns a value of this type.
type Authorize interface {
	Authorizer
	ResourceHandler
}

func NewAuthorize

// NewAuthorize builds an Authorize from a TLS client configuration and an auth
// center configuration, returning an error if it cannot.
// NOTE(review): the package documentation says tls may be nil; what transport
// security the auth center connection has in that case is not visible here.
// Confirm before passing nil for a connection that crosses an untrusted network.
func NewAuthorize(tls *util.TLSClientConfig, authConfig authcenter.AuthConfig) (Authorize, error)

NewAuthorize initializes an Authorize instance, which is used for request authorization and resource handling. This allows bk-cmdb to support other kinds of auth center. tls can be nil if it is not needed. authConfig holds the configuration info for the connection to an auth center.

type Authorizer

// Authorizer is the query side of the auth center contract: single and batch
// permission checks, lookups of what a user is authorized for, and a flag
// reporting whether authorization is enabled.
type Authorizer interface {
	// Authorize works to check if a user has the authority to operate resources.
	// It returns a decision and an error.
	// NOTE(review): callers should fail closed, i.e. treat a non-nil err as
	// "not authorized" and not read decision in that case. Confirm that no
	// implementation returns an allowing decision together with an error.
	Authorize(ctx context.Context, a *meta.AuthAttribute) (decision meta.Decision, err error)
	// AuthorizeBatch checks one user against any number of resources and
	// returns a slice of decisions.
	// NOTE(review): presumably decisions[i] answers resources[i]; neither the
	// ordering nor the length guarantee is visible here. Verify both before
	// indexing, so a short or reordered slice cannot grant the wrong resource.
	AuthorizeBatch(ctx context.Context, user meta.UserInfo, resources ...meta.ResourceAttribute) (decisions []meta.Decision, err error)
	// GetAnyAuthorizedBusinessList returns a list of int64 values for the user,
	// presumably business IDs.
	// NOTE(review): how "any" differs from "exact" is not visible here. Confirm
	// before using the result as an access filter.
	GetAnyAuthorizedBusinessList(ctx context.Context, user meta.UserInfo) ([]int64, error)
	// GetExactAuthorizedBusinessList returns a list of int64 values for the
	// user, presumably business IDs. See the note on the "any" variant.
	GetExactAuthorizedBusinessList(ctx context.Context, user meta.UserInfo) ([]int64, error)
	// AdminEntrance returns a list of strings for the user.
	// NOTE(review): what the strings identify is not visible here; confirm
	// against the implementation.
	AdminEntrance(ctx context.Context, user meta.UserInfo) ([]string, error)
	// GetAuthorizedAuditList returns authorized resources for the user, scoped
	// by businessID.
	// NOTE(review): presumably the audit records the user may view; confirm.
	GetAuthorizedAuditList(ctx context.Context, user meta.UserInfo, businessID int64) ([]authcenter.AuthorizedResource, error)
	// Enabled returns a boolean.
	// NOTE(review): presumably whether the auth center is enabled. Confirm what
	// Authorize and AuthorizeBatch return when this is false, so that a disabled
	// auth center does not silently become allow-all in callers.
	Enabled() bool
}

type ResourceHandler

// ResourceHandler is the registration side of the auth center contract:
// registering, deregistering, updating and listing the resources that
// authorization decisions are made about, plus initialization.
type ResourceHandler interface {
	// RegisterResource registers one or more resources.
	RegisterResource(ctx context.Context, rs ...meta.ResourceAttribute) error
	// DryRunRegisterResource takes the same resources as RegisterResource but
	// returns a *authcenter.RegisterInfo.
	// NOTE(review): presumably reports what would be registered without
	// changing the auth center; confirm it has no side effects.
	DryRunRegisterResource(ctx context.Context, rs ...meta.ResourceAttribute) (*authcenter.RegisterInfo, error)
	// DeregisterResource deregisters one or more resources.
	DeregisterResource(ctx context.Context, rs ...meta.ResourceAttribute) error
	// RawDeregisterResource deregisters resources given as raw IAM resource IDs
	// within the supplied scope.
	RawDeregisterResource(ctx context.Context, scope authcenter.ScopeInfo, rs ...meta.BackendResource) error
	// UpdateResource updates a single resource's info.
	UpdateResource(ctx context.Context, rs *meta.ResourceAttribute) error
	// Get is described as getting a resource's info.
	// NOTE(review): the signature takes no resource identifier and returns only
	// an error, so it cannot return resource info as declared; confirm intent.
	Get(ctx context.Context) error
	// ListResources lists resources matching the condition given in r.
	ListResources(ctx context.Context, r *meta.ResourceAttribute) ([]meta.BackendResource, error)
	// Init initializes the auth center from config.
	Init(ctx context.Context, config meta.InitConfig) error
}

ResourceHandler is used to handle the resources registered with the authorization center. The request id is an identifier for a request, returned by IAM.

Directories

Path Synopsis
