filter

package
v1.19.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 25, 2022 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

// BcsClusterIDHeaderKey is the name of the HTTP header used as the cluster-ID key.
// NOTE(review): request headers are set by the caller; confirm that a cluster ID
// read from this header is validated before it is used for rule matching.
const BcsClusterIDHeaderKey = "BCS-ClusterID"

// ApiPrefix is the bcs-api path prefix written as a regular-expression
// fragment, not a literal path: "/bcsapi/" followed by two non-empty,
// slash-free segments. It carries no ^ or $ anchors of its own.
const ApiPrefix = `/bcsapi/[^/]+/[^/]+`
// ClusterIDSignTag is the placeholder that stands for the bkbcs cluster ID
// inside a rule pattern.
const ClusterIDSignTag = "{clusterId}"

// NamespaceSignTag is the placeholder that stands for the bkbcs namespace
// inside a URL rule pattern.
const NamespaceSignTag = "{namespace}"

Variables

// Authorization rule tables for bcs-api. Each AuthURLRule pairs a path
// pattern and an HTTP method with the auth.Action assigned to it.
//
// NOTE(review): the code that compiles and evaluates these rules is not shown
// on this page. Points to confirm against it:
//   - the {clusterId} and {namespace} placeholders are replaced with escaped
//     values (e.g. regexp.QuoteMeta), so a cluster or namespace name cannot
//     change what the pattern matches;
//   - the resulting pattern is anchored at both ends, so a short rule cannot
//     also match a longer path;
//   - a request that matches no rule is rejected rather than passed through;
//   - whether rules are tried in slice order (if so, order is significant).
var (
	// AuthRuleRegex matches a path that begins with /bcsapi/ and has at least
	// three non-empty segments after it. The second and third of those segments
	// are captured as groups 1 and 2; the first is not captured. The pattern is
	// anchored at the start only, so anything may follow the third segment.
	AuthRuleRegex = regexp.MustCompile(`^/bcsapi/[^/]+/([^/]+)/([^/]+).*`)
	// StorageAuthRule rule for module bkbcs storage
	// Every rule in this table carries the {clusterId} placeholder.
	StorageAuthRule = []*AuthURLRule{

		// Dynamic query endpoints. POST is classified as ActionRead here as well.
		// NOTE(review): presumably the query is sent in the POST body; confirm the
		// handler has no write side effects, since only read permission is asked for.
		{Rule: `/query/(?:mesos|k8s)/dynamic/clusters/{clusterId}/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/query/(?:mesos|k8s)/dynamic/clusters/{clusterId}/[^/]+`, Method: "POST", Action: auth.ActionRead},

		// Dynamic resource reads, scoped by namespace, by cluster, or across all resources.
		{Rule: `/(?:mesos|k8s)/dynamic/namespace_resources/clusters/{clusterId}/namespaces/{namespace}/[^/]+/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/(?:mesos|k8s)/dynamic/namespace_resources/clusters/{clusterId}/namespaces/{namespace}/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/(?:mesos|k8s)/dynamic/cluster_resources/clusters/{clusterId}/[^/]+/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/(?:mesos|k8s)/dynamic/cluster_resources/clusters/{clusterId}/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/(?:mesos|k8s)/dynamic/all_resources/clusters/{clusterId}/[^/]+`, Method: "GET", Action: auth.ActionRead},

		// Metric records: GET is a read, PUT and DELETE require ActionManage.
		{Rule: `/metric/clusters/{clusterId}/namespaces/{namespace}/[^/]+/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/metric/clusters/{clusterId}/namespaces/{namespace}/[^/]+/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/metric/clusters/{clusterId}/namespaces/{namespace}/[^/]+/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
		// This pattern is a textual prefix of the three rules above, which is why
		// end-anchoring of the compiled pattern matters.
		{Rule: `/metric/clusters/{clusterId}`, Method: "GET", Action: auth.ActionRead},
	}
	// MetricAuthRule rule for metric
	MetricAuthRule = []*AuthURLRule{

		{Rule: `/metric/clustertype/[^/]+/clusters/{clusterId}/namespaces/{namespace}/metrics`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/metric/tasks/clusters/{clusterId}`, Method: "GET", Action: auth.ActionRead},

		// Named metric tasks: GET is a read, PUT and DELETE require ActionManage.
		{Rule: `/metric/tasks/clusters/{clusterId}/namespaces/{namespace}/name/[^/]+`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/metric/tasks/clusters/{clusterId}/namespaces/{namespace}/name/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/metric/tasks/clusters/{clusterId}/namespaces/{namespace}/name/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
	}
	// MesosAuthRule mesosdriver rule
	// No rule in this table contains {clusterId}.
	// NOTE(review): the cluster presumably reaches Match through its clusterID
	// argument from elsewhere in the request; confirm where that value comes from
	// and that it is checked.
	MesosAuthRule = []*AuthURLRule{

		// Applications and processes: create, update, delete, rollback and scale
		// require ActionManage; listing and fetching are reads.
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)/rollback`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)/[^/]+/scale/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/namespaces/{namespace}/(?:applications|processes)/[^/]+`, Method: "GET", Action: auth.ActionRead},

		// Messages sent to an application or to one of its taskgroups.
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/message`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups/[^/]+/message`, Method: "POST", Action: auth.ActionManage},

		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/tasks`, Method: "GET", Action: auth.ActionRead},

		// Taskgroups: listing is a read; rescheduler, restart and reload require ActionManage.
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups/[^/]+/rescheduler`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups/[^/]+/restart`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/taskgroups/[^/]+/reload`, Method: "POST", Action: auth.ActionManage},

		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/versions`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/namespaces/{namespace}/applications/[^/]+/versions/[^/]+`, Method: "GET", Action: auth.ActionRead},

		// Configmaps, secrets and services: only POST, PUT and DELETE are listed;
		// this table has no GET rule for them.
		// NOTE(review): confirm how a GET on these paths (secrets in particular) is
		// treated when no rule matches.
		{Rule: `/mesos/namespaces/{namespace}/(?:configmaps|secrets|services)`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:configmaps|secrets|services)`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/(?:configmaps|secrets|services)/[^/]+`, Method: "DELETE", Action: auth.ActionManage},

		// Cluster-level reads; these patterns contain neither placeholder.
		{Rule: `/mesos/cluster/resources`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/cluster/endpoints`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/cluster/current/offers`, Method: "GET", Action: auth.ActionRead},

		// Deployments: every listed operation requires ActionManage.
		{Rule: `/mesos/namespaces/{namespace}/deployments`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+/cancelupdate`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+/pauseupdate`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+/resumeupdate`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/namespaces/{namespace}/deployments/[^/]+/scale/[^/]+`, Method: "PUT", Action: auth.ActionManage},

		// Agent settings; these patterns contain neither placeholder.
		{Rule: `/mesos/agentsettings`, Method: "GET", Action: auth.ActionRead},
		{Rule: `/mesos/agentsettings`, Method: "DELETE", Action: auth.ActionManage},
		{Rule: `/mesos/agentsettings`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/agentsettings/update`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/agentsettings/enable`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/agentsettings/disable`, Method: "POST", Action: auth.ActionManage},

		// The register rule has no namespace placeholder; the crd rules below it do.
		{Rule: `/mesos/crr/register`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/crd/namespaces/{namespace}/[^/]+`, Method: "POST", Action: auth.ActionManage},
		{Rule: `/mesos/crd/namespaces/{namespace}/[^/]+`, Method: "PUT", Action: auth.ActionManage},
		{Rule: `/mesos/crd/namespaces/{namespace}/[^/]+/[^/]+`, Method: "DELETE", Action: auth.ActionManage},

		{Rule: `/mesos/image/commit/[^/]+`, Method: "POST", Action: auth.ActionManage},

		{Rule: `/mesos/definition/(?:application|deployment)/{namespace}/[^/]+`, Method: "GET", Action: auth.ActionRead},
	}
)

Functions

This section is empty.

Types

type AuthFilter

// AuthFilter is the authorization filter for bcs-api requests; its Execute
// method performs the authorization check.
type AuthFilter struct {
	// contains filtered or unexported fields
}

AuthFilter is the auth filter for all bcs-api requests.

func (*AuthFilter) Execute

func (af *AuthFilter) Execute(req *restful.Request) (errCode int, err error)

Execute checks authorization for the request.

type AuthURLRule

// AuthURLRule is one URL authorization rule: a path pattern, an HTTP method,
// and the auth.Action associated with them.
type AuthURLRule struct {
	// Rule is the path pattern. In the rule tables of this package it is a
	// regular-expression fragment that may contain the {clusterId} and
	// {namespace} placeholders.
	// NOTE(review): how the placeholders are substituted and whether the
	// compiled pattern is anchored is held in unexported state not shown here;
	// confirm substituted values are escaped (e.g. regexp.QuoteMeta).
	Rule   string
	// Method is the HTTP method the rule applies to, e.g. "GET" or "POST".
	Method string
	// Action is the auth action for the rule; the rule tables of this package
	// use auth.ActionRead and auth.ActionManage.
	Action auth.Action
	// contains filtered or unexported fields
}

AuthURLRule is a URL rule used for dispatch.

func (*AuthURLRule) Match

func (aur *AuthURLRule) Match(clusterID, namespace, uri, method string) (match bool, action auth.Action, resource auth.Resource)

Match checks whether a request matches the rule for a module.

type GeneralFilter

// GeneralFilter is the union of all request filters for bcs-api, applied
// through its Filter method.
// NOTE(review): which filters it holds and the order they run in live in
// unexported fields not shown here.
type GeneralFilter struct {
	// contains filtered or unexported fields
}

GeneralFilter is the union of all request filters.

func NewFilter

func NewFilter(conf *config.ApiServConfig) (*GeneralFilter, error)

NewFilter creates the general filter for bcs-api.

func (*GeneralFilter) Filter

func (gf *GeneralFilter) Filter(req *restful.Request, resp *restful.Response, chain *restful.FilterChain)

Filter request filter

type RequestFilterFunction

// RequestFilterFunction is the interface implemented by bcs-api request filters.
type RequestFilterFunction interface {
	// Execute inspects the request and returns an int code and an error;
	// AuthFilter.Execute names these results errCode and err.
	// NOTE(review): the meaning of the code when err is nil is not shown here;
	// confirm callers treat any non-nil error as a rejection.
	Execute(req *restful.Request) (int, error)
}

RequestFilterFunction is the interface for bcs-api request filters.

func NewAuthFilter

func NewAuthFilter(conf *config.ApiServConfig) (RequestFilterFunction, error)

NewAuthFilter creates the auth filter.
