/*
* Tencent is pleased to support the open source community by making 蓝鲸 available.
* Copyright (C) 2017-2018 THL A29 Limited, a Tencent company. All rights reserved.
* Licensed under the MIT License (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
* http://opensource.org/licenses/MIT
* Unless required by applicable law or agreed to in writing, software distributed under
* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific language governing permissions and
* limitations under the License.
*/
package client
import (
	"context"
	"errors"

	"configcenter/src/scene_server/auth_server/sdk/operator"
	"configcenter/src/scene_server/auth_server/sdk/types"
)
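// GetUserPolicy queries IAM for the policy matching the single action and the
// resources described by opt.
//
// The request is a POST to /api/v1/policy/query with opt as the body and the
// headers returned by ac.cloneHeader(ctx). An error from decoding the response
// is returned unchanged. A non-zero response code is returned as a
// *types.AuthError that carries the types.RequestIDHeaderKey response header,
// the code and the message. A nil opt is rejected with an error instead of
// causing a nil-pointer panic.
//
// Side effect: a nil opt.Resources is replaced with an empty slice on the
// caller's value.
func (ac *authClient) GetUserPolicy(ctx context.Context, opt *types.GetPolicyOption) (*operator.Policy, error) {
	if opt == nil {
		return nil, errors.New("get user policy: option is nil")
	}

	// iam requires resources to be set, so a nil slice is swapped for an empty
	// one (presumably so the field is not sent as null; confirm against the
	// encoder used by Body).
	if opt.Resources == nil {
		opt.Resources = make([]types.Resource, 0)
	}

	resp := new(types.GetPolicyResp)
	result := ac.client.Post().
		SubResourcef("/api/v1/policy/query").
		WithContext(ctx).
		WithHeaders(ac.cloneHeader(ctx)).
		Body(opt).
		Do()

	if err := result.Into(resp); err != nil {
		return nil, err
	}

	if resp.Code != 0 {
		return nil, &types.AuthError{
			Rid:     result.Header.Get(types.RequestIDHeaderKey),
			Code:    resp.Code,
			Message: resp.Message,
		}
	}

	// NOTE(review): resp.Data is returned unchecked, so a code-0 response
	// without data yields a nil policy and a nil error. Confirm that every
	// caller treats a nil policy as "no permission" and never as a grant.
	return resp.Data, nil
}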
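// ListUserPolicies queries IAM for the policies matching several actions and
// the resources described by opts.
//
// The request is a POST to /api/v1/policy/query_by_actions with opts as the
// body and the headers returned by ac.cloneHeader(ctx). An error from decoding
// the response is returned unchanged. A non-zero response code is returned as a
// *types.AuthError that carries the types.RequestIDHeaderKey response header,
// the code and the message. A nil opts is rejected with an error instead of
// causing a nil-pointer panic.
//
// Side effect: a nil opts.Resources is replaced with an empty slice on the
// caller's value.
func (ac *authClient) ListUserPolicies(ctx context.Context, opts *types.ListPolicyOptions) (
	[]*types.ActionPolicy, error) {

	if opts == nil {
		return nil, errors.New("list user policies: options is nil")
	}

	// iam requires resources to be set, so a nil slice is swapped for an empty
	// one (presumably so the field is not sent as null; confirm against the
	// encoder used by Body).
	if opts.Resources == nil {
		opts.Resources = make([]types.Resource, 0)
	}

	resp := new(types.ListPolicyResp)
	result := ac.client.Post().
		SubResourcef("/api/v1/policy/query_by_actions").
		WithContext(ctx).
		WithHeaders(ac.cloneHeader(ctx)).
		Body(opts).
		Do()

	if err := result.Into(resp); err != nil {
		return nil, err
	}

	if resp.Code != 0 {
		return nil, &types.AuthError{
			Rid:     result.Header.Get(types.RequestIDHeaderKey),
			Code:    resp.Code,
			Message: resp.Message,
		}
	}

	return resp.Data, nil
}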
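// GetSystemToken fetches the system token from IAM. The token is used to
// validate that an incoming request really comes from IAM.
//
// The request is a GET to /api/v1/model/systems/<ac.config.SystemID>/token sent
// with ac.basicHeader directly, not the per-request headers from
// ac.cloneHeader(ctx) that the policy queries use. An error from decoding the
// response is returned unchanged. A non-zero response code is returned as a
// *types.AuthError that carries the types.RequestIDHeaderKey response header,
// the code and the message.
//
// A successful response with an empty token is reported as an error. Returning
// "" with a nil error would let a caller compare a missing credential against
// an empty expected value and accept it.
//
// The token is a shared secret: keep it out of logs and error messages, and
// compare it with the presented value in constant time, for example with
// crypto/subtle.ConstantTimeCompare.
func (ac *authClient) GetSystemToken(ctx context.Context) (string, error) {
	// Anonymous response envelope: the common code/message fields plus the
	// token payload under "data".
	resp := new(struct {
		types.BaseResp
		Data struct {
			Token string `json:"token"`
		} `json:"data"`
	})

	result := ac.client.Get().
		SubResourcef("/api/v1/model/systems/%s/token", ac.config.SystemID).
		WithContext(ctx).
		WithHeaders(ac.basicHeader).
		Body(nil).Do()

	if err := result.Into(resp); err != nil {
		return "", err
	}

	if resp.Code != 0 {
		return "", &types.AuthError{
			Rid:     result.Header.Get(types.RequestIDHeaderKey),
			Code:    resp.Code,
			Message: resp.Message,
		}
	}

	// Fail closed: never hand an empty token back as a valid credential.
	if resp.Data.Token == "" {
		return "", errors.New("get system token: iam returned an empty token")
	}

	return resp.Data.Token, nil
}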