mcclient

package
v0.0.0-...-9665ab3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 2, 2024 License: Apache-2.0, Apache-2.0 Imports: 28 Imported by: 0

README

Yunion OneCloud API go library

Log in to the first control-plane node of your cluster and run `ocadm cluster rcadmin` to get the auth info. The output includes the sysadmin password, so handle it as a secret.

For example:

$ ocadm cluster rcadmin
# Sample output: the endpoint and the sysadmin credentials used to authenticate.
export OS_AUTH_URL=https://10.127.100.2:30500/v3
export OS_USERNAME=sysadmin
export OS_PASSWORD=7AQMP9H2umQvbxxx
export OS_PROJECT_DOMAIN=default
export OS_PROJECT_NAME=system
# NOTE(review): presumably makes clients skip TLS certificate verification; confirm before relying on it
export YUNION_INSECURE=true
export OS_REGION_NAME=region0
export OS_ENDPOINT_TYPE=publicURL

Sample code

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/nyl1001/pkg/jsonutils"

	"jihulab.com/nieyinliang/cloudpods/pkg/mcclient"
	modules "jihulab.com/nieyinliang/cloudpods/pkg/mcclient/modules/compute"
)

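// main is a minimal end-to-end example: it authenticates against keystone,
// opens a session for one region and prints the compute servers as JSON.
//
// The endpoint and the credentials are read from the OS_* variables printed
// by `ocadm cluster rcadmin`, so no password is embedded in the source.
func main() {
	authURL := os.Getenv("OS_AUTH_URL")
	username := os.Getenv("OS_USERNAME")
	password := os.Getenv("OS_PASSWORD")
	if authURL == "" || username == "" || password == "" {
		panic("OS_AUTH_URL, OS_USERNAME and OS_PASSWORD must be set")
	}
	// The insecure flag is opt-in instead of hard-coded to true.
	// NOTE(review): presumably it disables TLS certificate verification;
	// confirm, and leave YUNION_INSECURE unset when the endpoint presents a
	// certificate the client can verify.
	insecure := os.Getenv("YUNION_INSECURE") == "true"

	// Argument order follows NewClient(authUrl, timeout, debug, insecure,
	// certFile, keyFile).
	// NOTE(review): debug is left on as in the original sample; check what the
	// debug output contains before enabling it outside a lab.
	client := mcclient.NewClient(authURL,
		60,
		true,
		insecure,
		"",
		"")
	token, err := client.Authenticate(username, password, "Default", "system", "Default")
	if err != nil {
		panic(err)
	}
	// NewSession is documented as (ctx, region, zone, endpointType, token);
	// the sixth argument the sample used to pass does not match that signature.
	s := client.NewSession(context.Background(),
		"region0",
		"",
		"publicURL",
		token)

	result, err := modules.Servers.List(s, nil)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s", jsonutils.Marshal(result).PrettyString())
}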

Documentation

Index

Constants

// Authentication source identifiers. The values match the source values
// documented on SAuthContext.Source.
const (
	// authenticated through the web console
	AuthSourceWeb      = "web"
	// authenticated by an API call
	AuthSourceAPI      = "api"
	// authenticated by the climc command-line client
	AuthSourceCli      = "cli"
	// authenticated as a service
	AuthSourceSrv      = "srv"
	// authenticated as onecloud-operator
	AuthSourceOperator = "operator"
)
// Header names and API version strings.
// NOTE(review): the X-* values look like HTTP header names, as AUTH_TOKEN's
// api.AUTH_TOKEN_HEADER alias suggests; confirm against the request code.
const (
	TASK_ID         = "X-Task-Id"
	TASK_NOTIFY_URL = "X-Task-Notify-Url"
	// AUTH_TOKEN names the header that carries the token, so any code that
	// dumps headers should treat its value as a secret.
	AUTH_TOKEN      = api.AUTH_TOKEN_HEADER //  "X-Auth-Token"
	REGION_VERSION  = "X-Region-Version"

	DEFAULT_API_VERSION = "v1"
	V2_API_VERSION      = "v2"
)
// REGION_ZONE_SEP is the rune '-'.
// NOTE(review): presumably the separator between region and zone in the IDs
// built by RegionID and split by Id2RegionZone; confirm.
const REGION_ZONE_SEP = '-'

Variables

// TokenCredentialType holds a reflect.Type.
// NOTE(review): presumably the type of the TokenCredential interface, set
// during package initialisation; confirm where it is assigned.
var TokenCredentialType reflect.Type

Functions

func CatalogGetServiceURL

func CatalogGetServiceURL(catalog IServiceCatalog, service, region, zone, endpointType string) (string, error)

func CatalogGetServiceURLs

func CatalogGetServiceURLs(catalog IServiceCatalog, service, region, zone, endpointType string) ([]string, error)

func GetTokenHeaders

func GetTokenHeaders(userCred TokenCredential) http.Header

func Id2RegionZone

func Id2RegionZone(id string) (string, string)

func OwnerIdString

func OwnerIdString(owner IIdentityProvider, scope rbacscope.TRbacScope) string

func RegionID

func RegionID(region, zone string) string

func SplitVersionedURL

func SplitVersionedURL(url string) (string, string)

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(authUrl string, timeout int, debug bool, insecure bool, certFile, keyFile string) *Client

func (*Client) AuthVersion

func (client *Client) AuthVersion() string

func (*Client) Authenticate

func (client *Client) Authenticate(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)

func (*Client) AuthenticateApi

func (client *Client) AuthenticateApi(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)

func (*Client) AuthenticateByAccessKey

func (this *Client) AuthenticateByAccessKey(accessKey string, secret string, source string) (TokenCredential, error)

func (*Client) AuthenticateCAS

func (this *Client) AuthenticateCAS(idpId string, ticket, redurectUri string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateOAuth2

func (this *Client) AuthenticateOAuth2(idpId, code string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateOIDC

func (this *Client) AuthenticateOIDC(idpId, code, redirectUri string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateOperator

func (client *Client) AuthenticateOperator(uname, passwd, domainName, tenantName, tenantDomain string) (TokenCredential, error)

func (*Client) AuthenticateSAML

func (this *Client) AuthenticateSAML(idpId string, response string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateToken

func (client *Client) AuthenticateToken(token string, projName, projDomain string, source string) (TokenCredential, error)

func (*Client) AuthenticateVerify

func (this *Client) AuthenticateVerify(uid, contactType, verifyCode string, projectId, projectName, projectDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateWeb

func (client *Client) AuthenticateWeb(uname, passwd, domainName, tenantName, tenantDomain string, cliIp string) (TokenCredential, error)

func (*Client) AuthenticateWithSource

func (client *Client) AuthenticateWithSource(uname, passwd, domainName, tenantName, tenantDomain string, source string) (TokenCredential, error)

func (*Client) CheckMatchPolicies

func (client *Client) CheckMatchPolicies(ctx context.Context, adminToken TokenCredential, input SCheckPoliciesInput) (*SFetchMatchPoliciesOutput, error)

func (*Client) FetchInvalidTokens

func (client *Client) FetchInvalidTokens(ctx context.Context, adminToken string) ([]string, error)

func (*Client) FetchMatchPolicies

func (client *Client) FetchMatchPolicies(ctx context.Context, token TokenCredential) (*SFetchMatchPoliciesOutput, error)

func (*Client) GetClient

func (client *Client) GetClient() *http.Client

func (*Client) GetCommonEtcdEndpoint

func (client *Client) GetCommonEtcdEndpoint(token TokenCredential, region, interfaceType string) (*api.EndpointDetails, error)

func (*Client) GetCommonEtcdTLSConfig

func (client *Client) GetCommonEtcdTLSConfig(endpoint *api.EndpointDetails) (*tls.Config, error)

func (*Client) GetDebug

func (client *Client) GetDebug() bool

func (*Client) GetServiceCatalog

func (this *Client) GetServiceCatalog() IServiceCatalog

func (*Client) HttpClient

func (client *Client) HttpClient() *http.Client

func (*Client) Invalidate

func (client *Client) Invalidate(ctx context.Context, adminToken, token string) error

func (*Client) NewAuthTokenCredential

func (client *Client) NewAuthTokenCredential() TokenCredential

func (*Client) NewSession

func (client *Client) NewSession(ctx context.Context, region, zone, endpointType string, token TokenCredential) *ClientSession

func (*Client) RegisterCatalogListener

func (cli *Client) RegisterCatalogListener(l IServiceCatalogChangeListener)

func (*Client) SetDebug

func (client *Client) SetDebug(debug bool)

func (*Client) SetHttpTransportProxyFunc

func (client *Client) SetHttpTransportProxyFunc(proxyFunc httputils.TransportProxyFunc)

func (*Client) SetProject

func (client *Client) SetProject(tenantId, tenantName, tenantDomain string, token TokenCredential) (TokenCredential, error)

func (*Client) SetServiceCatalog

func (cli *Client) SetServiceCatalog(catalog IServiceCatalog)

func (*Client) SetTenant

func (client *Client) SetTenant(tenantId, tenantName, tenantDomain string, token TokenCredential) (TokenCredential, error)

func (*Client) SetTransport

func (client *Client) SetTransport(ts http.RoundTripper)

func (*Client) Verify

func (client *Client) Verify(adminToken, token string) (cred TokenCredential, err error)

func (*Client) VerifyRequest

func (this *Client) VerifyRequest(req http.Request, aksk s3auth.IAccessKeySecretRequest, virtualHost bool) (*SAkskTokenCredential, error)

type ClientSession

// ClientSession is the session type returned by Client.NewSession. Its
// request methods (JSONRequest, RawRequest and the versioned variants) take a
// service name and an endpoint type.
type ClientSession struct {
	Header http.Header /// headers for this session
	// contains filtered or unexported fields
}

func (*ClientSession) GetClient

func (this *ClientSession) GetClient() *Client

func (*ClientSession) GetCommonEtcdEndpoint

func (cs *ClientSession) GetCommonEtcdEndpoint() (*api.EndpointDetails, error)

func (*ClientSession) GetContext

func (cs *ClientSession) GetContext() context.Context

func (*ClientSession) GetDomainId

func (this *ClientSession) GetDomainId() string

func (*ClientSession) GetDomainName

func (this *ClientSession) GetDomainName() string

func (*ClientSession) GetEndpointType

func (this *ClientSession) GetEndpointType() string

func (*ClientSession) GetProjectDomain

func (this *ClientSession) GetProjectDomain() string

func (*ClientSession) GetProjectDomainId

func (this *ClientSession) GetProjectDomainId() string

func (*ClientSession) GetProjectId

func (this *ClientSession) GetProjectId() string

func (*ClientSession) GetProjectName

func (this *ClientSession) GetProjectName() string

func (*ClientSession) GetRegion

func (this *ClientSession) GetRegion() string

func (*ClientSession) GetServiceCatalog

func (this *ClientSession) GetServiceCatalog() IServiceCatalog

func (*ClientSession) GetServiceURL

func (this *ClientSession) GetServiceURL(service, endpointType string) (string, error)

func (*ClientSession) GetServiceURLs

func (this *ClientSession) GetServiceURLs(service, endpointType string) ([]string, error)

func (*ClientSession) GetServiceVersionURL

func (this *ClientSession) GetServiceVersionURL(service, endpointType string) (string, error)

func (*ClientSession) GetServiceVersionURLs

func (this *ClientSession) GetServiceVersionURLs(service, endpointType string) ([]string, error)

func (*ClientSession) GetTenantId

func (this *ClientSession) GetTenantId() string

func (*ClientSession) GetTenantName

func (this *ClientSession) GetTenantName() string

func (*ClientSession) GetToken

func (cs *ClientSession) GetToken() TokenCredential

func (*ClientSession) GetUserId

func (this *ClientSession) GetUserId() string

func (*ClientSession) HasSystemAdminPrivilege

func (this *ClientSession) HasSystemAdminPrivilege() bool

func (*ClientSession) JSONRequest

func (this *ClientSession) JSONRequest(service, endpointType string, method httputils.THttpMethod, url string, headers http.Header, body jsonutils.JSONObject) (http.Header, jsonutils.JSONObject, error)

func (*ClientSession) JSONVersionRequest

func (this *ClientSession) JSONVersionRequest(
	service, endpointType string, method httputils.THttpMethod, url string,
	headers http.Header, body jsonutils.JSONObject,
) (http.Header, jsonutils.JSONObject, error)

func (*ClientSession) ParseJSONResponse

func (this *ClientSession) ParseJSONResponse(reqBody string, resp *http.Response, err error) (http.Header, jsonutils.JSONObject, error)

func (*ClientSession) PrepareTask

func (this *ClientSession) PrepareTask()

func (*ClientSession) RawBaseUrlRequest

func (this *ClientSession) RawBaseUrlRequest(
	service, endpointType string,
	method httputils.THttpMethod, url string,
	headers http.Header, body io.Reader,
	baseurlFactory func(string) string,
) (*http.Response, error)

func (*ClientSession) RawRequest

func (this *ClientSession) RawRequest(service, endpointType string, method httputils.THttpMethod, url string, headers http.Header, body io.Reader) (*http.Response, error)

func (*ClientSession) RawVersionRequest

func (this *ClientSession) RawVersionRequest(
	service, endpointType string, method httputils.THttpMethod, url string,
	headers http.Header, body io.Reader,
) (*http.Response, error)

func (*ClientSession) RemoveTaskNotifyUrl

func (this *ClientSession) RemoveTaskNotifyUrl()

func (*ClientSession) SetServiceCatalog

func (this *ClientSession) SetServiceCatalog(catalog IServiceCatalog)

func (*ClientSession) SetServiceUrl

func (this *ClientSession) SetServiceUrl(service, url string)

func (*ClientSession) SetTaskNotifyUrl

func (this *ClientSession) SetTaskNotifyUrl(url string)

func (*ClientSession) SetZone

func (this *ClientSession) SetZone(zone string)

func (*ClientSession) ToJson

func (this *ClientSession) ToJson() jsonutils.JSONObject

func (*ClientSession) WaitTaskNotify

func (this *ClientSession) WaitTaskNotify()

type Endpoint

// Endpoint is the element type of the slices returned by the GetEndpoints
// methods of the token types.
type Endpoint struct {
	Id          string
	RegionId    string
	ServiceId   string
	ServiceName string
	Url         string
	Interface   string
}

type ExternalService

// ExternalService is the element type returned by GetExternalServices and
// GetServicesByInterface.
type ExternalService struct {
	Name string
	Url  string

	Service string
}

type IIdentityProvider

// IIdentityProvider is the interface for an owner: it exposes the IDs and
// names of the user, project (tenant) and domains.
type IIdentityProvider interface {
	GetProjectId() string
	GetUserId() string
	GetTenantId() string
	GetProjectDomainId() string

	GetTenantName() string
	GetProjectName() string
	GetProjectDomain() string

	GetUserName() string
	GetDomainId() string
	GetDomainName() string
}

interface for owner

type IServiceCatalog

// IServiceCatalog is the service catalog interface that Client and
// ClientSession get and set through GetServiceCatalog and SetServiceCatalog.
// The per-region lookups return service names or ExternalService values.
type IServiceCatalog interface {
	Len() int

	GetInternalServices(region string) []string
	GetExternalServices(region string) []ExternalService
	GetServicesByInterface(region string, infType string) []ExternalService
	// contains filtered or unexported methods
}

type IServiceCatalogChangeListener

// IServiceCatalogChangeListener is the listener type accepted by
// Client.RegisterCatalogListener.
// NOTE(review): OnServiceCatalogChange is presumably called when the client's
// catalog is replaced; confirm in the Client implementation.
type IServiceCatalogChangeListener interface {
	OnServiceCatalogChange(catalog IServiceCatalog)
}

type IUserIdentity

// IUserIdentity is the interface for the identity of a user with project and
// roles: IIdentityProvider plus the role names and role IDs.
type IUserIdentity interface {
	IIdentityProvider

	GetRoleIds() []string
	GetRoles() []string
}

interface for identity of user with project and roles

type KeystoneDomainV3

type KeystoneDomainV3 api.SIdentityObject

type KeystoneEndpointV2

// KeystoneEndpointV2 is one endpoint entry of a keystone V2 service.
type KeystoneEndpointV2 struct {
	// endpoint ID
	Id string `json:"id"`
	// internal URL
	InternalURL string `json:"internal_url"`
	// public URL
	PublicURL string `json:"public_url"`
	// admin URL
	AdminURL string `json:"admin_url"`
	// region ID
	Region string `json:"region"`
}

type KeystoneEndpointV3

// KeystoneEndpointV3 is one endpoint entry of a keystone V3 service.
type KeystoneEndpointV3 struct {
	// endpoint ID
	// example: 75f4e36100184a5a8a3e36cb0f12aa87
	Id string `json:"id"`
	// endpoint interface type; the following types are currently defined
	//
	// | interface | description                                                        |
	// |-----------|--------------------------------------------------------------------|
	// | internal  | internal endpoint, used by default when accessing a service        |
	// | public    | external endpoint                                                  |
	// | admin     | admin endpoint, deprecated                                         |
	// | console   | web console endpoint: address of an external service to be shown   |
	// |           | in the web console                                                 |
	//
	Interface string `json:"interface"`
	// region name
	Region string `json:"region"`
	// region ID
	RegionId string `json:"region_id"`
	// endpoint URL
	Url string `json:"url"`
	// endpoint name
	Name string `json:"name"`
}

type KeystoneMetadataV2

// KeystoneMetadataV2 is the authentication metadata of a V2 token credential.
type KeystoneMetadataV2 struct {
	// whether the user is an administrator
	IsAdmin int `json:"is_admin"`
	// roles
	Roles []string `json:"roles"`
}

type KeystonePolicy

// KeystonePolicy lists policies by scope; it is the type of
// KeystoneTokenV3.Policies.
type KeystonePolicy struct {
	// project-scope permissions
	Project []string
	// domain-scope permissions
	Domain []string
	// system-scope permissions
	System []string
}

type KeystoneProjectV3

// KeystoneProjectV3 identifies a project and the domain it belongs to.
type KeystoneProjectV3 struct {
	// project ID
	Id string
	// project name
	Name string
	// domain the project belongs to
	Domain KeystoneDomainV3
}

type KeystoneRoleV2

// KeystoneRoleV2 is a role entry of a keystone V2 user.
type KeystoneRoleV2 struct {
	// role name
	Name string `json:"name"`
	// role ID
	Id string `json:"id"`
}

type KeystoneRoleV3

type KeystoneRoleV3 api.SIdentityObject

type KeystoneServiceCatalogV2

type KeystoneServiceCatalogV2 []KeystoneServiceV2

func (KeystoneServiceCatalogV2) GetExternalServices

func (catalog KeystoneServiceCatalogV2) GetExternalServices(region string) []ExternalService

func (KeystoneServiceCatalogV2) GetInternalServices

func (catalog KeystoneServiceCatalogV2) GetInternalServices(region string) []string

func (KeystoneServiceCatalogV2) GetServicesByInterface

func (catalog KeystoneServiceCatalogV2) GetServicesByInterface(region string, infType string) []ExternalService

func (KeystoneServiceCatalogV2) Len

func (catalog KeystoneServiceCatalogV2) Len() int

type KeystoneServiceCatalogV3

type KeystoneServiceCatalogV3 []KeystoneServiceV3

func (KeystoneServiceCatalogV3) GetExternalServices

func (catalog KeystoneServiceCatalogV3) GetExternalServices(region string) []ExternalService

func (KeystoneServiceCatalogV3) GetInternalServices

func (catalog KeystoneServiceCatalogV3) GetInternalServices(region string) []string

func (KeystoneServiceCatalogV3) GetServicesByInterface

func (catalog KeystoneServiceCatalogV3) GetServicesByInterface(region string, infType string) []ExternalService

func (KeystoneServiceCatalogV3) Len

func (catalog KeystoneServiceCatalogV3) Len() int

type KeystoneServiceV2

// KeystoneServiceV2 is one service entry of a keystone V2 service catalog.
type KeystoneServiceV2 struct {
	// service name
	Name string `json:"name"`
	// service type
	Type string `json:"type"`
	// list of the service's endpoints
	Endpoints []KeystoneEndpointV2 `json:"endpoints"`
}

type KeystoneServiceV3

// KeystoneServiceV3 is one service entry of a keystone V3 service catalog.
type KeystoneServiceV3 struct {
	// service ID
	Id string `json:"id,omitempty"`
	// service Name
	Name string `json:"name,omitempty"`
	// service type, e.g. identity, compute
	Type string `json:"type,omitempty"`
	// endpoints through which the service is accessed
	Endpoints []KeystoneEndpointV3 `json:"endpoints,omitempty"`
}

type KeystoneTenantV2

// KeystoneTenantV2 describes a project (tenant) in the keystone V2 format.
type KeystoneTenantV2 struct {
	// project ID
	Id string `json:"id"`
	// project name
	Name string `json:"name"`
	// whether the project is enabled
	Enabled bool `json:"enabled"`
	// description
	Description string `json:"description"`
	// domain the project belongs to
	Domain struct {
		// domain ID
		Id string `json:"id"`
		// domain name
		Name string `json:"name"`
	} `json:"domain"`
}

type KeystoneTokenV2

// KeystoneTokenV2 is the token part of a keystone V2 credential.
type KeystoneTokenV2 struct {
	// token; this is the bearer value itself, so keep it out of logs
	Id string `json:"id"`
	// expiry time (UTC)
	Expires time.Time `json:"expires"`
	// project the token is valid for
	Tenant KeystoneTenantV2 `json:"tenant"`
}

type KeystoneTokenV3

// KeystoneTokenV3 is the token body of a keystone V3 credential.
type KeystoneTokenV3 struct {
	// AuditIds, not used for anything
	// swagger:ignore
	AuditIds []string `json:"audit_ids"`
	// token expiry time
	ExpiresAt time.Time `json:"expires_at"`
	// whether this is a domain token
	IsDomain bool `json:"is_domain,allowfalse"`
	// token issue time
	IssuedAt time.Time `json:"issued_at"`
	// authentication methods used to obtain the token
	Methods []string `json:"methods"`
	// project associated with the token; when the user authenticated with a
	// project scope, this is that project's information
	Project KeystoneProjectV3 `json:"project"`
	// policies of the token's user in the associated project; only
	// project-scoped tokens have this attribute
	Policies KeystonePolicy `json:"policies"`
	// roles of the token's user in the associated project; only
	// project-scoped tokens have this attribute
	Roles []KeystoneRoleV3 `json:"roles"`
	// user associated with the token
	User KeystoneUserV3 `json:"user"`
	// service catalog
	Catalog KeystoneServiceCatalogV3 `json:"catalog"`
	// authentication context
	Context SAuthContext `json:"context"`

	// when the user authenticates without a scope, all of the user's projects
	// are returned here
	Projects []KeystoneProjectV3 `json:"projects"`
	// all role assignments of the user across all projects
	RoleAssignments []api.SRoleAssignment `json:"role_assignments"`

	// for AK/SK authentication, the user's AccessKey/Secret information is
	// returned so the client can do later AK/SK authentication itself instead
	// of calling keystone each time. The field is serialized under
	// "access_key" with the rest of the token, so a dump of this struct
	// includes it.
	AccessKey api.SAccessKeySecretInfo `json:"access_key"`
}

type KeystoneUserV2

// KeystoneUserV2 describes the authenticated user in the keystone V2 format.
type KeystoneUserV2 struct {
	// user ID
	Id string `json:"id"`
	// user name
	Name string `json:"name"`
	// user's username
	Username        string `json:"username"`
	IsSystemAccount bool   `json:"is_system_account"`
	// list of the user's roles
	Roles []KeystoneRoleV2 `json:"roles"`
}

type KeystoneUserV3

// KeystoneUserV3 describes the user associated with a keystone V3 token.
type KeystoneUserV3 struct {
	// user ID
	Id string
	// user name
	Name string
	// domain the user belongs to
	Domain KeystoneDomainV3
	// expiry time of the user's password
	PasswordExpiresAt time.Time
	// whether this is a system account
	IsSystemAccount bool

	// display name of the user, usually the Chinese name
	Displayname string
	// user's email address
	Email string
	// user's mobile phone number
	Mobile string
}

type SAkskTokenCredential

// SAkskTokenCredential pairs access key/secret information with a token
// credential. Client.VerifyRequest returns a pointer to it.
type SAkskTokenCredential struct {
	AccessKeySecret api.SAccessKeySecretInfo
	Token           TokenCredential
}

type SAuthContext

// SAuthContext records where an authentication came from.
type SAuthContext struct {
	// authentication source type; possible values:
	//
	// | source   | description                        |
	// |----------|------------------------------------|
	// | web      | authenticated via the web console  |
	// | api      | authenticated by an API call       |
	// | cli      | authenticated by the climc client  |
	// | srv      | authenticated as a service         |
	// | operator | authenticated as onecloud-operator |
	//
	Source string `json:"source,omitempty"`
	// source IP of the authentication
	Ip string `json:"ip,omitempty"`
}

type SAuthenticationIdentity

// SAuthenticationIdentity is the identity part of a keystone V3
// authentication request. Which of the method-specific fields is read depends
// on Methods. Several of them (password, token ID, AK/SK request, CAS ticket,
// SAML response, OIDC/OAuth2 code, verify code) are credentials serialized
// as-is, so a marshalled value of this struct should be treated as a secret.
type SAuthenticationIdentity struct {
	// ID of identity provider, optional
	// required:false
	Id string `json:"id,omitempty"`
	// list of authentication methods; the supported methods are:
	//
	// | method   | description                                                         |
	// |----------|---------------------------------------------------------------------|
	// | password | username/password authentication                                    |
	// | token    | token authentication: once a token has been obtained some other     |
	// |          | way, the old token can be used to obtain a new one                  |
	// | aksk     | Access Key/Secret key authentication                                |
	// | cas      | authentication through the CAS single sign-on platform              |
	// | saml     | authentication through an IDP, acting as a SAML 2.0 SP              |
	// | oidc     | authentication as an OpenID Connect/OAuth2 client                   |
	// | oauth2   | OAuth2 authentication                                               |
	// | verify   | authentication by mobile SMS or email                               |
	//
	Methods []string `json:"methods,omitempty"`
	// when the method is password, this field carries the password credentials
	Password struct {
		User struct {
			// user ID
			Id string `json:"id,omitempty"`
			// user name
			Name string `json:"name,omitempty"`
			// password
			Password string `json:"password,omitempty"`
			// domain the user belongs to
			Domain struct {
				// domain ID
				Id string `json:"id,omitempty"`
				// domain name
				Name string `json:"name,omitempty"`
			}
		} `json:"user,omitempty"`
	} `json:"password,omitempty"`
	// when the method is token, this field carries the token
	Token struct {
		// token
		Id string `json:"id,omitempty"`
	} `json:"token,omitempty"`
	// when the method is aksk, this field carries the client's AK/SK information;
	// to stay compatible with different versions of AK/SK authentication, the
	// information is passed as an encoded string
	AccessKeyRequest string `json:"access_key_secret,omitempty"`
	// when the method is cas, this field carries the ID of the CAS authentication
	// required:false
	CASTicket struct {
		Id      string `json:"id,omitempty"`
		Service string `json:"service,omitempty"`
	} `json:"cas_ticket,omitempty"`
	// when the method is saml, this field carries the SAML authentication Response
	SAMLAuth struct {
		Response string `json:"response,omitempty"`
	} `json:"saml_auth,omitempty"`
	OIDCAuth struct {
		Code        string `json:"code,omitempty"`
		RedirectUri string `json:"redirect_uri,omitempty"`
	} `json:"oidc_auth,omitempty"`
	OAuth2 struct {
		Code string `json:"code,omitempty"`
	} `json:"oauth2,omitempty"`
	// Serialized under the "mobile" key, although it also carries a
	// ContactType and the verify method is described as SMS or email.
	Verify struct {
		Uid         string `json:"uid,omitempty"`
		VerifyCode  string `json:"verify_code,omitempty"`
		ContactType string `json:"contact_type,omitempty"`
	} `json:"mobile,omitempty"`
}

type SAuthenticationInputV2

// SAuthenticationInputV2 is the request body of the keystone v2
// authentication API. It carries the password or token in clear text.
type SAuthenticationInputV2 struct {
	// authentication information for the keystone v2 authentication API
	// required:true
	Auth struct {
		// set passwordCredentials when authenticating with username/password
		PasswordCredentials struct {
			// user name
			Username string `json:"username,omitempty"`
			// user password
			Password string `json:"password,omitempty"`
		} `json:"passwordCredentials,omitempty"`
		// name of the project the authenticating user belongs to; give either
		// this field or tenantId, or neither.
		// Without tenantName and tenantId, a successful authentication yields an
		// unscoped token; to access the resources of a specific project the user
		// still has to authenticate with that unscoped token to obtain a token
		// for the project
		// required:false
		TenantName string `json:"tenantName,omitempty"`
		// ID of the project the authenticating user belongs to; give either this
		// field or tenantName, or neither.
		// required:false
		TenantId string `json:"tenantId,omitempty"`
		// set token.Id when authenticating with a token
		Token struct {
			// the token string
			Id string `json:"id,omitempty"`
		} `json:"token,omitempty"`
		// authentication context
		// required:false
		Context SAuthContext `json:"context,omitempty"`
	} `json:"auth,omitempty"`
}

type SAuthenticationInputV3

// SAuthenticationInputV3 is the request body of the keystone v3
// authentication API: an identity, an optional scope and the auth context.
type SAuthenticationInputV3 struct {
	// authentication information for the keystone v3 authentication API
	// required:true
	Auth struct {
		// identity information
		// required:true
		Identity SAuthenticationIdentity `json:"identity,omitempty"`
		// authentication scope; this field is optional. Without a scope, a
		// successful authentication yields an unscoped token; to access the
		// resources of a specific project the user has to authenticate with that
		// unscoped token to obtain a token scoped to the project.
		// Only project-scoped tokens are supported at present
		// required:false
		Scope struct {
			// scope the token to the given project
			// required:false
			Project struct {
				// ID of the project. IDs are globally unique, so the project's
				// domain need not be given with an ID; only one of ID and Name
				// has to be given
				// required:false
				Id string `json:"id,omitempty"`
				// Name of the project; when Name is given, the project's domain
				// has to be given as well
				// required:false
				Name string `json:"name,omitempty"`
				// domain of the project
				// required:false
				Domain struct {
					// ID of the project's domain; only one of ID and Name has to be given
					// required:false
					Id string `json:"id,omitempty"`
					// Name of the project's domain
					// required:false
					Name string `json:"name,omitempty"`
				} `json:"domain,omitempty"`
			} `json:"project,omitempty"`
			// scope the token to the given domain
			// required:false
			Domain struct {
				// ID of the domain; only one of ID and Name has to be given
				// required:false
				Id string `json:"id,omitempty"`
				// Name of the domain
				// required:false
				Name string `json:"name,omitempty"`
			} `json:"domain,omitempty"`
		} `json:"scope,omitempty"`
		// authentication context
		// required:false
		Context SAuthContext `json:"context,omitempty"`
	} `json:"auth,omitempty"`
}

type SCheckPoliciesInput

// SCheckPoliciesInput is the input of Client.CheckMatchPolicies: the user,
// the project and the login IP to check.
type SCheckPoliciesInput struct {
	UserId    string
	ProjectId string
	LoginIp   string
}

type SFetchMatchPoliciesOutput

// SFetchMatchPoliciesOutput is the result type of Client.FetchMatchPolicies
// and Client.CheckMatchPolicies. Names is keyed by RBAC scope.
type SFetchMatchPoliciesOutput struct {
	Names    map[rbacscope.TRbacScope][]string `json:"names"`
	Policies rbacutils.TPolicyGroup            `json:"policies"`
}

func (*SFetchMatchPoliciesOutput) Decode

func (SFetchMatchPoliciesOutput) Encode

type SSimpleToken

// SSimpleToken is a flat token representation: plain string fields instead of
// the nested keystone structures.
// NOTE(review): presumably what SimplifyToken returns, and Token is presumably
// the raw token string behind GetTokenString; confirm. If so, the output of
// ToJson and String carries the bearer value and should be kept out of logs.
type SSimpleToken struct {
	Token     string
	Domain    string
	DomainId  string
	User      string
	UserId    string
	// Project and ProjectId are serialized under the "tenant" and
	// "tenant_id" keys.
	Project   string `json:"tenant"`
	ProjectId string `json:"tenant_id"`

	ProjectDomain   string
	ProjectDomainId string

	// Roles and RoleIds are single strings here, while GetRoles and
	// GetRoleIds return slices.
	Roles   string
	RoleIds string
	Expires time.Time

	SystemAccount bool

	Context SAuthContext
}

func (*SSimpleToken) GetCatalogData

func (self *SSimpleToken) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject

func (*SSimpleToken) GetDomainId

func (self *SSimpleToken) GetDomainId() string

func (*SSimpleToken) GetDomainName

func (self *SSimpleToken) GetDomainName() string

func (*SSimpleToken) GetEndpoints

func (this *SSimpleToken) GetEndpoints(region string, endpointType string) []Endpoint

func (*SSimpleToken) GetExpires

func (self *SSimpleToken) GetExpires() time.Time

func (*SSimpleToken) GetExternalServices

func (self *SSimpleToken) GetExternalServices(region string) []ExternalService

func (*SSimpleToken) GetInternalServices

func (self *SSimpleToken) GetInternalServices(region string) []string

func (*SSimpleToken) GetLoginIp

func (this *SSimpleToken) GetLoginIp() string

func (*SSimpleToken) GetLoginSource

func (this *SSimpleToken) GetLoginSource() string

func (*SSimpleToken) GetProjectDomain

func (self *SSimpleToken) GetProjectDomain() string

func (*SSimpleToken) GetProjectDomainId

func (self *SSimpleToken) GetProjectDomainId() string

func (*SSimpleToken) GetProjectId

func (self *SSimpleToken) GetProjectId() string

func (*SSimpleToken) GetProjectName

func (self *SSimpleToken) GetProjectName() string

func (*SSimpleToken) GetRegions

func (self *SSimpleToken) GetRegions() []string

func (*SSimpleToken) GetRoleIds

func (self *SSimpleToken) GetRoleIds() []string

func (*SSimpleToken) GetRoles

func (self *SSimpleToken) GetRoles() []string

func (*SSimpleToken) GetServiceCatalog

func (this *SSimpleToken) GetServiceCatalog() IServiceCatalog

func (*SSimpleToken) GetServicesByInterface

func (this *SSimpleToken) GetServicesByInterface(region string, infType string) []ExternalService

func (*SSimpleToken) GetTenantId

func (self *SSimpleToken) GetTenantId() string

func (*SSimpleToken) GetTenantName

func (self *SSimpleToken) GetTenantName() string

func (*SSimpleToken) GetTokenString

func (self *SSimpleToken) GetTokenString() string

func (*SSimpleToken) GetUserId

func (self *SSimpleToken) GetUserId() string

func (*SSimpleToken) GetUserName

func (self *SSimpleToken) GetUserName() string

func (*SSimpleToken) HasSystemAdminPrivilege

func (self *SSimpleToken) HasSystemAdminPrivilege() bool

func (*SSimpleToken) IsAdmin

func (self *SSimpleToken) IsAdmin() bool

func (*SSimpleToken) IsAllow

func (this *SSimpleToken) IsAllow(scope rbacscope.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

func (*SSimpleToken) IsSystemAccount

func (this *SSimpleToken) IsSystemAccount() bool

func (*SSimpleToken) IsValid

func (self *SSimpleToken) IsValid() bool

func (*SSimpleToken) IsZero

func (self *SSimpleToken) IsZero() bool

func (*SSimpleToken) Len

func (self *SSimpleToken) Len() int

func (*SSimpleToken) String

func (self *SSimpleToken) String() string

func (*SSimpleToken) ToJson

func (self *SSimpleToken) ToJson() jsonutils.JSONObject

func (*SSimpleToken) ValidDuration

func (self *SSimpleToken) ValidDuration() time.Duration

type TokenCredential

// TokenCredential is the interface for a full keystone token: serialization,
// the service catalog, the user identity, expiry and policy checks.
type TokenCredential interface {
	gotypes.ISerializable

	IServiceCatalog

	IUserIdentity

	// GetTokenString returns the token string; callers should treat the
	// returned value as a secret.
	GetTokenString() string
	GetRoles() []string
	// GetRoleIds() []string
	GetExpires() time.Time
	IsValid() bool
	ValidDuration() time.Duration
	// IsAdmin() bool
	HasSystemAdminPrivilege() bool

	IsAllow(scope rbacscope.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

	GetRegions() []string

	GetServiceCatalog() IServiceCatalog
	GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject

	GetEndpoints(region string, endpointType string) []Endpoint

	ToJson() jsonutils.JSONObject

	// GetLoginSource and GetLoginIp expose the authentication context
	// (see SAuthContext).
	GetLoginSource() string
	GetLoginIp() string
	IsSystemAccount() bool
}

interface for full keystone token

func SimplifyToken

func SimplifyToken(token TokenCredential) TokenCredential

type TokenCredentialV2

// TokenCredentialV2 holds keystone token information in the V2 format.
type TokenCredentialV2 struct {
	// token information
	Token KeystoneTokenV2 `json:"token"`
	// service catalog
	ServiceCatalog KeystoneServiceCatalogV2 `json:"service_catalog"`
	// authenticated user
	User KeystoneUserV2 `json:"user"`
	// list of projects the user belongs to
	Tenants []KeystoneTenantV2 `json:"tenants"`
	// authentication metadata
	Metadata KeystoneMetadataV2 `json:"metadata"`
	// authentication context
	Context SAuthContext `json:"context"`
}

Keystone token information, V2

func (*TokenCredentialV2) GetCatalogData

func (self *TokenCredentialV2) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject

func (*TokenCredentialV2) GetDomainId

func (token *TokenCredentialV2) GetDomainId() string

func (*TokenCredentialV2) GetDomainName

func (token *TokenCredentialV2) GetDomainName() string

func (*TokenCredentialV2) GetEndpoints

func (this *TokenCredentialV2) GetEndpoints(region string, endpointType string) []Endpoint

func (*TokenCredentialV2) GetExpires

func (this *TokenCredentialV2) GetExpires() time.Time

func (*TokenCredentialV2) GetExternalServices

func (this *TokenCredentialV2) GetExternalServices(region string) []ExternalService

func (*TokenCredentialV2) GetInternalServices

func (this *TokenCredentialV2) GetInternalServices(region string) []string

func (*TokenCredentialV2) GetLoginIp

func (this *TokenCredentialV2) GetLoginIp() string

func (*TokenCredentialV2) GetLoginSource

func (this *TokenCredentialV2) GetLoginSource() string

func (*TokenCredentialV2) GetProjectDomain

func (token *TokenCredentialV2) GetProjectDomain() string

func (*TokenCredentialV2) GetProjectDomainId

func (token *TokenCredentialV2) GetProjectDomainId() string

func (*TokenCredentialV2) GetProjectId

func (token *TokenCredentialV2) GetProjectId() string

func (*TokenCredentialV2) GetProjectName

func (token *TokenCredentialV2) GetProjectName() string

func (*TokenCredentialV2) GetRegions

func (this *TokenCredentialV2) GetRegions() []string

func (*TokenCredentialV2) GetRoleIds

func (token *TokenCredentialV2) GetRoleIds() []string

func (*TokenCredentialV2) GetRoles

func (token *TokenCredentialV2) GetRoles() []string

func (*TokenCredentialV2) GetServiceCatalog

func (this *TokenCredentialV2) GetServiceCatalog() IServiceCatalog

func (*TokenCredentialV2) GetServicesByInterface

func (this *TokenCredentialV2) GetServicesByInterface(region string, infType string) []ExternalService

func (*TokenCredentialV2) GetTenantId

func (token *TokenCredentialV2) GetTenantId() string

func (*TokenCredentialV2) GetTenantName

func (token *TokenCredentialV2) GetTenantName() string

func (*TokenCredentialV2) GetTokenString

func (token *TokenCredentialV2) GetTokenString() string

func (*TokenCredentialV2) GetUserId

func (token *TokenCredentialV2) GetUserId() string

func (*TokenCredentialV2) GetUserName

func (token *TokenCredentialV2) GetUserName() string

func (*TokenCredentialV2) HasSystemAdminPrivilege

func (this *TokenCredentialV2) HasSystemAdminPrivilege() bool

func (*TokenCredentialV2) IsAdmin

func (this *TokenCredentialV2) IsAdmin() bool

func (*TokenCredentialV2) IsAllow

func (this *TokenCredentialV2) IsAllow(scope rbacscope.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

func (*TokenCredentialV2) IsSystemAccount

func (token *TokenCredentialV2) IsSystemAccount() bool

func (*TokenCredentialV2) IsValid

func (this *TokenCredentialV2) IsValid() bool

func (*TokenCredentialV2) IsZero

func (self *TokenCredentialV2) IsZero() bool

func (*TokenCredentialV2) Len

func (this *TokenCredentialV2) Len() int

func (*TokenCredentialV2) String

func (self *TokenCredentialV2) String() string

func (*TokenCredentialV2) ToJson

func (self *TokenCredentialV2) ToJson() jsonutils.JSONObject

func (*TokenCredentialV2) ValidDuration

func (this *TokenCredentialV2) ValidDuration() time.Duration

type TokenCredentialV3

// TokenCredentialV3 is a credential whose JSON form nests a keystone V3
// token under "token" next to a separate "id" string.
//
// NOTE(review): this struct appears to carry authentication material, so
// treat its serialized or printed forms (String, ToJson) as sensitive in
// logs and error messages unless the implementations, which are not shown
// here, are confirmed to redact it.
type TokenCredentialV3 struct {
	// Token is the keystone V3 token, serialized under the "token" key.
	Token KeystoneTokenV3 `json:"token"`

	// Id is serialized under the "id" key and is marked to be ignored by swagger.
	// NOTE(review): presumably the token string that GetTokenString returns; confirm.
	// swagger:ignore
	Id string `json:"id"`
}

func (*TokenCredentialV3) GetCatalogData

func (self *TokenCredentialV3) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject

func (*TokenCredentialV3) GetDomainId

func (token *TokenCredentialV3) GetDomainId() string

func (*TokenCredentialV3) GetDomainName

func (token *TokenCredentialV3) GetDomainName() string

func (*TokenCredentialV3) GetEndpoints

func (this *TokenCredentialV3) GetEndpoints(region string, endpointType string) []Endpoint

func (*TokenCredentialV3) GetExpires

func (this *TokenCredentialV3) GetExpires() time.Time

func (*TokenCredentialV3) GetExternalServices

func (this *TokenCredentialV3) GetExternalServices(region string) []ExternalService

func (*TokenCredentialV3) GetInternalServices

func (this *TokenCredentialV3) GetInternalServices(region string) []string

func (*TokenCredentialV3) GetLoginIp

func (this *TokenCredentialV3) GetLoginIp() string

func (*TokenCredentialV3) GetLoginSource

func (this *TokenCredentialV3) GetLoginSource() string

func (*TokenCredentialV3) GetProjectDomain

func (token *TokenCredentialV3) GetProjectDomain() string

func (*TokenCredentialV3) GetProjectDomainId

func (token *TokenCredentialV3) GetProjectDomainId() string

func (*TokenCredentialV3) GetProjectId

func (token *TokenCredentialV3) GetProjectId() string

func (*TokenCredentialV3) GetProjectName

func (token *TokenCredentialV3) GetProjectName() string

func (*TokenCredentialV3) GetRegions

func (this *TokenCredentialV3) GetRegions() []string

func (*TokenCredentialV3) GetRoleIds

func (token *TokenCredentialV3) GetRoleIds() []string

func (*TokenCredentialV3) GetRoles

func (token *TokenCredentialV3) GetRoles() []string

func (*TokenCredentialV3) GetServiceCatalog

func (this *TokenCredentialV3) GetServiceCatalog() IServiceCatalog

func (*TokenCredentialV3) GetServicesByInterface

func (this *TokenCredentialV3) GetServicesByInterface(region string, infType string) []ExternalService

func (*TokenCredentialV3) GetTenantId

func (token *TokenCredentialV3) GetTenantId() string

func (*TokenCredentialV3) GetTenantName

func (token *TokenCredentialV3) GetTenantName() string

func (*TokenCredentialV3) GetTokenString

func (token *TokenCredentialV3) GetTokenString() string

func (*TokenCredentialV3) GetUserId

func (token *TokenCredentialV3) GetUserId() string

func (*TokenCredentialV3) GetUserName

func (token *TokenCredentialV3) GetUserName() string

func (*TokenCredentialV3) HasSystemAdminPrivilege

func (this *TokenCredentialV3) HasSystemAdminPrivilege() bool

func (*TokenCredentialV3) IsAdmin

func (this *TokenCredentialV3) IsAdmin() bool

func (*TokenCredentialV3) IsAllow

func (this *TokenCredentialV3) IsAllow(scope rbacscope.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

func (*TokenCredentialV3) IsSystemAccount

func (token *TokenCredentialV3) IsSystemAccount() bool

func (*TokenCredentialV3) IsValid

func (this *TokenCredentialV3) IsValid() bool

func (*TokenCredentialV3) IsZero

func (self *TokenCredentialV3) IsZero() bool

func (*TokenCredentialV3) Len

func (this *TokenCredentialV3) Len() int

func (*TokenCredentialV3) String

func (self *TokenCredentialV3) String() string

func (*TokenCredentialV3) ToJson

func (self *TokenCredentialV3) ToJson() jsonutils.JSONObject

func (*TokenCredentialV3) ValidDuration

func (this *TokenCredentialV3) ValidDuration() time.Duration

type TokenManager

// TokenManager is the interface for a store of TokenCredential values that
// are addressed by a string id.
//
// NOTE(review): implementations hold live credentials. How long entries are
// kept, whether expired tokens are evicted, and whether access is safe for
// concurrent use are not visible here; confirm against the implementation
// (for example the one returned by NewMapTokenManager).
type TokenManager interface {
	// Save takes a TokenCredential and returns a string.
	// NOTE(review): presumably it stores the token and returns the id to
	// pass to Get and Remove; confirm.
	Save(token TokenCredential) string
	// Get returns the TokenCredential for tid.
	// NOTE(review): the result for an unknown tid is not shown here; callers
	// should check the returned value before using it; confirm.
	Get(tid string) TokenCredential
	// Remove takes the id of an entry.
	// NOTE(review): presumably it deletes that entry from the store; confirm.
	Remove(tid string)
}

func NewMapTokenManager

func NewMapTokenManager() TokenManager
