/**
* Tencent is pleased to support the open source community by making Polaris available.
*
* Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
*
* Licensed under the BSD 3-Clause License (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://opensource.org/licenses/BSD-3-Clause
*
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package service_auth
import (
	"context"
	"errors"

	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"

	"github.com/polarismesh/polaris/common/model"
	"github.com/polarismesh/polaris/common/utils"
	"github.com/polarismesh/polaris/service"
)
// Before is the hook invoked ahead of a resource operation. The auth listener
// has no pre-operation work, so the body is empty.
func (svr *ServerAuthAbility) Before(ctx context.Context, resourceType model.Resource) {
	// Intentionally a no-op.
}
// After is the hook invoked once a resource operation has finished. Only
// service resources are forwarded to onServiceResource; every other resource
// type is ignored and reported as success.
func (svr *ServerAuthAbility) After(ctx context.Context, resourceType model.Resource, res *service.ResourceEvent) error {
	if resourceType == model.RService {
		return svr.onServiceResource(ctx, res)
	}
	// Any other resource type is not handled by this listener.
	return nil
}
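// onServiceResource handles a service resource event. Only the service itself
// is processed here; namespaces are handled by the namespace-related code.
//
// It attaches the service entry (its ID plus the owner parsed from ctx) and the
// de-duplicated user/group link and unlink lists taken from the request to the
// auth context, then passes the auth context to the strategy manager.
//
// An error is returned when ctx carries no usable *model.AcquireContext or when
// res is nil, so a misrouted call fails as an ordinary error instead of
// panicking inside the authorization path.
func (svr *ServerAuthAbility) onServiceResource(ctx context.Context, res *service.ResourceEvent) error {
	// Comma-ok assertion: the bare form panics when the key is absent or holds
	// a value of another type.
	authCtx, ok := ctx.Value(utils.ContextAuthContextKey).(*model.AcquireContext)
	if !ok || authCtx == nil {
		return errors.New("service auth: auth context missing from request context")
	}
	if res == nil {
		return errors.New("service auth: nil resource event")
	}
	// NOTE(review): res.Service and res.ReqService are dereferenced below
	// without a nil check; confirm every caller populates both.

	ownerID := utils.ParseOwnerID(ctx)
	authCtx.SetAttachment(model.ResourceAttachmentKey, map[apisecurity.ResourceType][]model.ResourceEntry{
		apisecurity.ResourceType_Services: {
			{
				ID:    res.Service.ID,
				Owner: ownerID,
			},
		},
	})

	// NOTE(review): the principal IDs below are copied from the request as-is.
	// This function does not check that the caller may link or unlink them;
	// presumably AfterResourceOperation or an earlier check does. Confirm.
	users := utils.ConvertStringValuesToSlice(res.ReqService.UserIds)
	removeUsers := utils.ConvertStringValuesToSlice(res.ReqService.RemoveUserIds)
	groups := utils.ConvertStringValuesToSlice(res.ReqService.GroupIds)
	removeGroups := utils.ConvertStringValuesToSlice(res.ReqService.RemoveGroupIds)

	authCtx.SetAttachment(model.LinkUsersKey, utils.StringSliceDeDuplication(users))
	authCtx.SetAttachment(model.RemoveLinkUsersKey, utils.StringSliceDeDuplication(removeUsers))
	authCtx.SetAttachment(model.LinkGroupsKey, utils.StringSliceDeDuplication(groups))
	authCtx.SetAttachment(model.RemoveLinkGroupsKey, utils.StringSliceDeDuplication(removeGroups))

	return svr.strategyMgn.AfterResourceOperation(authCtx)
}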