Posted to commits@servicecomb.apache.org by ti...@apache.org on 2021/05/19 23:38:52 UTC

[servicecomb-service-center] branch master updated: SCB-2176 Update CARI (#984)

This is an automated email from the ASF dual-hosted git repository.

tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git


The following commit(s) were added to refs/heads/master by this push:
     new a659a4d  SCB-2176 Update CARI (#984)
a659a4d is described below

commit a659a4d1046b7e61e6e55a1fe5c21f1011d025a0
Author: little-cui <su...@qq.com>
AuthorDate: Thu May 20 07:38:46 2021 +0800

    SCB-2176 Update CARI (#984)
---
 go.mod                                   |  2 +-
 go.sum                                   |  5 +++++
 pkg/rbacframe/api.go                     |  9 ++++++---
 server/resource/v4/rbac_resource_test.go |  8 ++++----
 server/service/rbac/decision.go          | 12 +++++++-----
 server/service/rbac/rbac_test.go         |  4 ++--
 6 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index bb88144..09e6eb3 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/elithrar/simple-scrypt v1.3.0
 	github.com/fatih/color v1.10.0 // indirect
 	github.com/ghodss/yaml v1.0.0
-	github.com/go-chassis/cari v0.3.1-0.20210508100214-a13e083de04e
+	github.com/go-chassis/cari v0.3.1-0.20210519092219-69f9f0fc3452
 	github.com/go-chassis/foundation v0.3.1-0.20210513015331-b54416b66bcd
 	github.com/go-chassis/go-archaius v1.5.1
 	github.com/go-chassis/go-chassis/v2 v2.1.2-0.20210310004133-c9bc42149a18
diff --git a/go.sum b/go.sum
index 5af479f..6dab41d 100644
--- a/go.sum
+++ b/go.sum
@@ -124,6 +124,8 @@ github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/
 github.com/go-chassis/cari v0.0.0-20201210041921-7b6fbef2df11/go.mod h1:MgtsEI0AM4Ush6Lyw27z9Gk4nQ/8GWTSXrFzupawWDM=
 github.com/go-chassis/cari v0.3.1-0.20210508100214-a13e083de04e h1:YLXfK7pSRsYK7EzUnv7WDgJNOHQSXz+UIEbOF86XI6Q=
 github.com/go-chassis/cari v0.3.1-0.20210508100214-a13e083de04e/go.mod h1:Ie2lW11Y5ZFClY9z7bhAwK6BoNxqGSf3fYGs4mPFs74=
+github.com/go-chassis/cari v0.3.1-0.20210519092219-69f9f0fc3452 h1:G2Qlpg17t0oULhz0Eu3NQgkxKDcNbpGpmgtMR6RZvwk=
+github.com/go-chassis/cari v0.3.1-0.20210519092219-69f9f0fc3452/go.mod h1:av/19fqwEP4eOC8unL/z67AAbFDwXUCko6SKa4Avrd8=
 github.com/go-chassis/foundation v0.2.2-0.20201210043510-9f6d3de40234/go.mod h1:2PjwqpVwYEVaAldl5A58a08viH8p27pNeYaiE3ZxOBA=
 github.com/go-chassis/foundation v0.2.2/go.mod h1:2PjwqpVwYEVaAldl5A58a08viH8p27pNeYaiE3ZxOBA=
 github.com/go-chassis/foundation v0.3.0/go.mod h1:2PjwqpVwYEVaAldl5A58a08viH8p27pNeYaiE3ZxOBA=
@@ -320,6 +322,9 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/karlseguin/ccache v2.0.3-0.20170217060820-3ba9789cfd2c+incompatible h1:Yvcw4N+1TaDTNkIuHn3gn8D1KP7Wxn4LP5GngDPWcPQ=
 github.com/karlseguin/ccache v2.0.3-0.20170217060820-3ba9789cfd2c+incompatible/go.mod h1:CM9tNPzT6EdRh14+jiW8mEF9mkNZuuE51qmgGYUB93w=
+github.com/karlseguin/ccache/v2 v2.0.8 h1:lT38cE//uyf6KcFok0rlgXtGFBWxkI6h/qg4tbFyDnA=
+github.com/karlseguin/ccache/v2 v2.0.8/go.mod h1:2BDThcfQMf/c0jnZowt16eW405XIqZPavt+HoYEtcxQ=
+github.com/karlseguin/expect v1.0.2-0.20190806010014-778a5f0c6003/go.mod h1:zNBxMY8P21owkeogJELCLeHIt+voOSduHYTFUbwRAV8=
 github.com/karlseguin/expect v1.0.7 h1:OF4mqjblc450v8nKARBS5Q0AweBNR0A+O3VjjpxwBrg=
 github.com/karlseguin/expect v1.0.7/go.mod h1:lXdI8iGiQhmzpnnmU/EGA60vqKs8NbRNFnhhrJGoD5g=
 github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
diff --git a/pkg/rbacframe/api.go b/pkg/rbacframe/api.go
index 00e1186..8dc46b7 100644
--- a/pkg/rbacframe/api.go
+++ b/pkg/rbacframe/api.go
@@ -20,6 +20,7 @@ package rbacframe
 
 import (
 	"crypto/rsa"
+	"github.com/go-chassis/cari/rbac"
 
 	"github.com/apache/servicecomb-service-center/pkg/util"
 	"github.com/go-chassis/go-chassis/v2/security/token"
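Review bot: The new `github.com/go-chassis/cari/rbac` import sits in the standard-library group next to `crypto/rsa`, while the other third-party imports are in the group below the blank line. Move it into that second group so the block stays in the layout goimports produces. The import block continues outside this hunk, so the exact position among the other third-party lines cannot be confirmed from here.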
@@ -75,10 +76,12 @@ func GetRolesList(v interface{}) ([]string, error) {
 }
 
 //BuildResourceList join the resource to an array
-func BuildResourceList(resourceType ...string) []string {
-	rt := make([]string, len(resourceType))
+func BuildResourceList(resourceType ...string) []*rbac.Resource {
+	rt := make([]*rbac.Resource, len(resourceType))
 	for i := 0; i < len(resourceType); i++ {
-		rt[i] = resourceType[i]
+		rt[i] = &rbac.Resource{
+			Type: resourceType[i],
+		}
 	}
 	return rt
 }
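Review bot: The doc comment on BuildResourceList still says "join the resource to an array", but the function now returns `[]*rbac.Resource` with only `Type` populated, which is a source-incompatible change for any caller of this exported function. Update the comment to state the new contract, for example `// BuildResourceList wraps each resource type name in an *rbac.Resource whose only populated field is Type.`. Every other field of rbac.Resource is left at its zero value, so it is worth confirming in cari how an otherwise empty Resource is matched during authorization. If it is treated as "match everything of this type", that scope should be stated here. The index loop could also be `for i, t := range resourceType`.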
diff --git a/server/resource/v4/rbac_resource_test.go b/server/resource/v4/rbac_resource_test.go
index 6a6bace..7e01a10 100644
--- a/server/resource/v4/rbac_resource_test.go
+++ b/server/resource/v4/rbac_resource_test.go
@@ -298,7 +298,7 @@ func TestRoleResource_CreateOrUpdateRole(t *testing.T) {
 			Name: "tester",
 			Perms: []*rbacmodel.Permission{
 				{
-					Resources: []string{"service", "instance"},
+					Resources: []*rbacmodel.Resource{{Type: "service"}, {Type: "instance"}},
 					Verbs:     []string{"get", "create", "update"},
 				},
 			},
@@ -320,7 +320,7 @@ func TestRoleResource_CreateOrUpdateRole(t *testing.T) {
 			Name: "tester",
 			Perms: []*rbacmodel.Permission{
 				{
-					Resources: []string{"service"},
+					Resources: []*rbacmodel.Resource{{Type: "service"}},
 					Verbs:     []string{"get", "create", "update"},
 				},
 			},
@@ -381,7 +381,7 @@ func TestRoleResource_MoreRoles(t *testing.T) {
 			Name: "tester",
 			Perms: []*rbacmodel.Permission{
 				{
-					Resources: []string{"service"},
+					Resources: []*rbacmodel.Resource{{Type: "service"}},
 					Verbs:     []string{"get", "create", "update"},
 				},
 			},
@@ -399,7 +399,7 @@ func TestRoleResource_MoreRoles(t *testing.T) {
 			Name: "tester2",
 			Perms: []*rbacmodel.Permission{
 				{
-					Resources: []string{"rule"},
+					Resources: []*rbacmodel.Resource{{Type: "rule"}},
 					Verbs:     []string{"*"},
 				},
 			},
diff --git a/server/service/rbac/decision.go b/server/service/rbac/decision.go
index 006603e..ddf0650 100644
--- a/server/service/rbac/decision.go
+++ b/server/service/rbac/decision.go
@@ -28,7 +28,7 @@ import (
 
 func Allow(ctx context.Context, roleList []string, project, resource, verbs string) (bool, error) {
 	//TODO check project
-	if ableToAccessResource(roleList, "admin") {
+	if ableToOperateResource(roleList, "admin") {
 		return true, nil
 	}
 	// allPerms combines the roleList permission
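Review bot: The admin short-circuit at the top of Allow now calls ableToOperateResource, which after this commit returns true when any element equals `*` as well as when it equals the needle. A role list containing a role literally named `*` would therefore return `true, nil` before any permission is evaluated. The old call matched only the exact string `admin`. Unless role creation rejects `*` as a role name (not visible in this diff), keep an exact match here, e.g. `for _, r := range roleList { if r == "admin" { return true, nil } }`, and add a test asserting that a `*` role is not treated as admin. The `//TODO check project` is still open, so `project` plays no part in the decision. Allow's body continues outside this hunk.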
@@ -61,15 +61,17 @@ func Allow(ctx context.Context, roleList []string, project, resource, verbs stri
 }
 
 func ableToOperateResource(haystack []string, needle string) bool {
-	if ableToAccessResource(haystack, "*") || ableToAccessResource(haystack, needle) {
-		return true
+	for _, e := range haystack {
+		if e == "*" || e == needle {
+			return true
+		}
 	}
 	return false
 }
 
-func ableToAccessResource(haystack []string, needle string) bool {
+func ableToAccessResource(haystack []*rbac.Resource, needle string) bool {
 	for _, e := range haystack {
-		if e == needle {
+		if e.Type == needle {
 			return true
 		}
 	}
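Review bot: ableToAccessResource now dereferences `e.Type` on every element of a `[]*rbac.Resource` without a nil check, so a nil entry in a permission's Resources would panic inside the authorization path. If role definitions can arrive from request bodies or storage with a null element (not visible here), guard it with `if e != nil && e.Type == needle {`. Both helpers also lack doc comments, and their roles have diverged. ableToOperateResource is now a generic `[]string` match that honours the `*` wildcard, while ableToAccessResource is an exact match on resource type with no wildcard. A one-line comment on each stating that difference would prevent the two being swapped again. The tail of ableToAccessResource lies outside this hunk.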
diff --git a/server/service/rbac/rbac_test.go b/server/service/rbac/rbac_test.go
index 0dcb210..cb63543 100644
--- a/server/service/rbac/rbac_test.go
+++ b/server/service/rbac/rbac_test.go
@@ -151,11 +151,11 @@ func TestInitRBAC(t *testing.T) {
 		Name: "tester",
 		Perms: []*rbacmodel.Permission{
 			{
-				Resources: []string{"service", "instance"},
+				Resources: []*rbacmodel.Resource{{Type: "service"}, {Type: "instance"}},
 				Verbs:     []string{"get", "create", "update"},
 			},
 			{
-				Resources: []string{"rule"},
+				Resources: []*rbacmodel.Resource{{Type: "rule"}},
 				Verbs:     []string{"*"},
 			},
 		},