Documentation ¶
Index ¶
Constants ¶
const (
	// BcsClusterIDHeaderKey is the name of an HTTP header; judging by the name
	// it presumably carries the target cluster ID.
	// NOTE(review): a request header is supplied by the client. If the
	// authorization decision depends on this value, confirm that the same
	// value is the one the request is finally routed to. The code that reads
	// the header is not visible here.
	BcsClusterIDHeaderKey = "BCS-ClusterID"
	// ApiPrefix is the regular-expression source for the bcs-api path prefix:
	// "/bcsapi/" followed by two non-empty path segments.
	// The pattern carries no ^ or $ anchor of its own.
	// NOTE(review): confirm whether the code that compiles it adds anchors.
	ApiPrefix = `/bcsapi/[^/]+/[^/]+`
)
const (
	// ClusterIDSignTag is the placeholder for the bkbcs cluster ID. It appears
	// literally inside the Rule strings of StorageAuthRule and MetricAuthRule.
	// NOTE(review): how the tag is replaced before matching is not visible
	// here. If a request-derived cluster ID is spliced into a regular
	// expression, it should be escaped first (regexp.QuoteMeta).
	ClusterIDSignTag = "{clusterId}"
	// NamespaceSignTag is the placeholder for the bkbcs namespace in a URL. It
	// appears literally inside the Rule strings of all three rule tables.
	// NOTE(review): the same escaping question applies to the namespace value.
	NamespaceSignTag = "{namespace}"
)
Variables ¶
var (
	// AuthRuleRegex is the regex used for rule matching. It is anchored at the
	// start of the path only; the trailing `.*` accepts any remainder. The two
	// capture groups are the second and third path segments after "/bcsapi/".
	// NOTE(review): what the two captured segments mean to the caller is not
	// visible here.
	AuthRuleRegex = regexp.MustCompile(`^/bcsapi/[^/]+/([^/]+)/([^/]+).*`)

	// StorageAuthRule holds the auth rules for the bkbcs storage module. Each
	// entry pairs a path pattern and an HTTP method with an auth.Action.
	//
	// NOTE(review), applies to all three tables in this block:
	//   - The Rule strings carry no ^ or $ anchor. If the matcher does not add
	//     them, a short pattern also matches every longer path that contains
	//     it, and the action chosen could then depend on entry order. Confirm
	//     the patterns are compiled anchored; the order is kept as found.
	//   - Confirm that a request matching no entry is rejected rather than
	//     passed through; the default is decided in code not visible here.
	//   - `[^/]+` accepts any non-slash characters; confirm the path is
	//     normalized before it is matched.
	StorageAuthRule = []*AuthURLRule{
		// Dynamic queries: both GET and POST map to ActionRead.
		{Rule: `/query/(?:mesos|k8s)/dynamic/clusters/{clusterId}/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/query/(?:mesos|k8s)/dynamic/clusters/{clusterId}/[^/]+`, Method: "POST", Action: auth.ActionRead},
		// Dynamic resources: only GET entries are listed.
		{Rule: `/(?:mesos|k8s)/dynamic/namespace_resources/clusters/{clusterId}/namespaces/{namespace}/[^/]+/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/(?:mesos|k8s)/dynamic/namespace_resources/clusters/{clusterId}/namespaces/{namespace}/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/(?:mesos|k8s)/dynamic/cluster_resources/clusters/{clusterId}/[^/]+/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/(?:mesos|k8s)/dynamic/cluster_resources/clusters/{clusterId}/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/(?:mesos|k8s)/dynamic/all_resources/clusters/{clusterId}/[^/]+`, Method: "GET", Action: auth.ActionRead},
		// Metric paths: GET is ActionRead, PUT and DELETE are ActionManage.
		{Rule: `/metric/clusters/{clusterId}/namespaces/{namespace}/[^/]+/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/metric/clusters/{clusterId}/namespaces/{namespace}/[^/]+/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/metric/clusters/{clusterId}/namespaces/{namespace}/[^/]+/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/metric/clusters/{clusterId}`, Method: "GET", Action: auth.ActionRead},
	}

	// MetricAuthRule holds the auth rules for the metric module.
	MetricAuthRule = []*AuthURLRule{
		{Rule: `/metric/clustertype/[^/]+/clusters/{clusterId}/namespaces/{namespace}/metrics`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/metric/tasks/clusters/{clusterId}`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/metric/tasks/clusters/{clusterId}/namespaces/{namespace}/name/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/metric/tasks/clusters/{clusterId}/namespaces/{namespace}/name/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/metric/tasks/clusters/{clusterId}/namespaces/{namespace}/name/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
	}

	// MesosAuthRule holds the auth rules for the mesosdriver module. None of
	// its patterns contains the {clusterId} tag.
	// NOTE(review): the cluster for these requests must therefore come from
	// somewhere other than the matched path; confirm it is covered by the
	// authorization check.
	MesosAuthRule = []*AuthURLRule{
		// Applications and processes.
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)/rollback`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)/[^/]+/scale/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/message`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups/[^/]+/message`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/tasks`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups/[^/]+/rescheduler`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups/[^/]+/restart`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups/[^/]+/reload`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/versions`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/versions/[^/]+`, Method: "GET", Action: auth.ActionRead},
		// Configmaps, secrets and services: POST, PUT and DELETE are listed,
		// but this table has no GET entry for these paths.
		// NOTE(review): confirm how a GET on them is handled when no entry
		// matches.
		{Rule: `/mesos/namespaces/{namespace}/(?:configmaps|secrets|services)`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:configmaps|secrets|services)`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:configmaps|secrets|services)/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
		// Cluster-level read endpoints; these carry no {namespace} tag.
		{Rule: `/mesos/cluster/resources`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/cluster/endpoints`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/cluster/current/offers`, Method: "GET", Action: auth.ActionRead},
		// Deployments: only write entries are listed.
		{Rule: `/mesos/namespaces/{namespace}/deployments`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+/cancelupdate`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+/pauseupdate`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+/resumeupdate`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+/scale/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		// Agent settings; these carry no {namespace} tag.
		{Rule: `/mesos/agentsettings`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/agentsettings`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/mesos/agentsettings`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/agentsettings/update`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/agentsettings/enable`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/agentsettings/disable`, Method: "POST", Action: auth.ActionManage},
		// Custom resources, image commit and definitions.
		{Rule: `/mesos/crr/register`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/crd/namespaces/{namespace}/[^/]+`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/crd/namespaces/{namespace}/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/crd/namespaces/{namespace}/[^/]+/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/mesos/image/commit/[^/]+`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/definition/(?:application|deployment)/{namespace}/[^/]+`, Method: "GET", Action: auth.ActionRead},
	}
)
Functions ¶
This section is empty.
Types ¶
type AuthFilter ¶
type AuthFilter struct {
// contains filtered or unexported fields
}
AuthFilter is the auth filter applied to every bcs-api request.
func (*AuthFilter) Execute ¶
func (af *AuthFilter) Execute(req *restful.Request) (errCode int, err error)
Execute checks whether the request is authorized.
type AuthURLRule ¶
// AuthURLRule is one URL rule used for dispatch: a path pattern and an HTTP
// method, paired with an auth.Action.
type AuthURLRule struct {
	// Rule is a regular-expression fragment for the request path. In the rule
	// tables of this package it may contain the literal tags "{clusterId}"
	// and "{namespace}".
	// NOTE(review): whether Rule is anchored when compiled is not visible
	// here.
	Rule string
	// Method is the HTTP method the rule applies to; the rule tables use
	// "GET", "POST", "PUT" and "DELETE".
	Method string
	// Action is the auth action paired with the rule; the rule tables use
	// auth.ActionRead and auth.ActionManage.
	Action auth.Action
	// contains filtered or unexported fields
}
AuthURLRule is a URL rule used for dispatch.
type GeneralFilter ¶
type GeneralFilter struct {
// contains filtered or unexported fields
}
GeneralFilter is the union of all request filters.
func NewFilter ¶
func NewFilter(conf *config.ApiServConfig) (*GeneralFilter, error)
NewFilter creates the general filter for bcs-api.
func (*GeneralFilter) Filter ¶
func (gf *GeneralFilter) Filter(req *restful.Request, resp *restful.Response, chain *restful.FilterChain)
Filter request filter
type RequestFilterFunction ¶
RequestFilterFunction is the interface for a bcs-api request filter.
func NewAuthFilter ¶
func NewAuthFilter(conf *config.ApiServConfig) (RequestFilterFunction, error)
NewAuthFilter creates the auth filter.