Posted to commits@servicecomb.apache.org by li...@apache.org on 2021/12/16 01:54:54 UTC
[servicecomb-service-center] branch master updated: add policy service (#1179)
This is an automated email from the ASF dual-hosted git repository.
littlecui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
The following commit(s) were added to refs/heads/master by this push:
new de2aba9 add policy service (#1179)
de2aba9 is described below
commit de2aba9878ad9e6323627fdda8fd539649e65a4b
Author: Shawn <xi...@gmail.com>
AuthorDate: Thu Dec 16 09:54:49 2021 +0800
add policy service (#1179)
* add policy service proto
* add policy service proto; use lower case for attribute
---
api/README.md | 4 ++
api/auth/v1/policy_service.proto | 20 ++++++
api/sync/v1/event_service.pb.go | 8 +--
api/sync/v1/event_service.proto | 2 +-
.../service_center/body/create_role_perms.json | 73 ++++++++++++++++++++++
5 files changed, 102 insertions(+), 5 deletions(-)
diff --git a/api/README.md b/api/README.md
index cc40108..a46a156 100644
--- a/api/README.md
+++ b/api/README.md
@@ -4,6 +4,10 @@ This go module contains all grpc service definition of service center
### APIs
#### sync
service center metadata sync APIs, used in service center peer clusters data sync
+#### auth
+service center itself act as an auth server
+which maintain account, role, perms data.
+it exposes API for internal services to check token has perms to access resource
### Development Guide
#### To generate grpc code
```shell
diff --git a/api/auth/v1/policy_service.proto b/api/auth/v1/policy_service.proto
new file mode 100644
index 0000000..7b52883
--- /dev/null
+++ b/api/auth/v1/policy_service.proto
@@ -0,0 +1,20 @@
+syntax = "proto3";
+package api.sync.v1;
+option go_package="github.com/apache/servicecomb-service-center/api/auth/v1;v1";
+
+message Permission {
+ string id = 1;
+ string name = 2;
+}
+message Role {
+ string id = 1;
+ string name = 2;
+ repeated Permission perms =3;
+}
+message RoleReply {
+ repeated Role roles = 1;
+}
+
+service PolicyService {
+ rpc GetAllRoles(google.protobuf.Empty) returns (RoleReply) {}
+}
\ No newline at end of file
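Review bot: `package api.sync.v1;` at the top of this new file does not match its directory or its `go_package` (`api/auth/v1`), so `Permission`, `Role`, `RoleReply` and `PolicyService` would be registered under the sync namespace; it should read `package api.auth.v1;`. The RPC also references `google.protobuf.Empty` with no import visible in the file, so `import "google/protobuf/empty.proto";` is needed after the `syntax` line for protoc to resolve it. Because `GetAllRoles` takes an empty request and returns every role with its permissions, the caller's identity has to be established outside the message (for example in a server interceptor). A comment on the `service` block would make that requirement explicit, e.g. `// GetAllRoles returns the full role/permission set; callers must be authenticated internal services.`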
diff --git a/api/sync/v1/event_service.pb.go b/api/sync/v1/event_service.pb.go
index 4570fab..5463cc1 100644
--- a/api/sync/v1/event_service.pb.go
+++ b/api/sync/v1/event_service.pb.go
@@ -25,7 +25,7 @@ type EventList struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
- Events []*Event `protobuf:"bytes,1,rep,name=Events,proto3" json:"Events,omitempty"`
+ Events []*Event `protobuf:"bytes,1,rep,name=events,proto3" json:"events,omitempty"`
}
func (x *EventList) Reset() {
@@ -254,9 +254,9 @@ var file_event_service_proto_rawDesc = []byte{
0x0a, 0x13, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x79, 0x6e, 0x63, 0x2e,
0x76, 0x31, 0x22, 0x37, 0x0a, 0x09, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x12,
- 0x2a, 0x0a, 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+ 0x2a, 0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
0x12, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x79, 0x6e, 0x63, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x76,
- 0x65, 0x6e, 0x74, 0x52, 0x06, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xca, 0x01, 0x0a, 0x05,
+ 0x65, 0x6e, 0x74, 0x52, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xca, 0x01, 0x0a, 0x05,
0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18,
0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a,
@@ -316,7 +316,7 @@ var file_event_service_proto_goTypes = []interface{}{
nil, // 5: api.sync.v1.Results.ResultsEntry
}
var file_event_service_proto_depIdxs = []int32{
- 1, // 0: api.sync.v1.EventList.Events:type_name -> api.sync.v1.Event
+ 1, // 0: api.sync.v1.EventList.events:type_name -> api.sync.v1.Event
4, // 1: api.sync.v1.Event.opts:type_name -> api.sync.v1.Event.OptsEntry
5, // 2: api.sync.v1.Results.results:type_name -> api.sync.v1.Results.ResultsEntry
3, // 3: api.sync.v1.Results.ResultsEntry.value:type_name -> api.sync.v1.Result
diff --git a/api/sync/v1/event_service.proto b/api/sync/v1/event_service.proto
index 004938f..4f5eb30 100644
--- a/api/sync/v1/event_service.proto
+++ b/api/sync/v1/event_service.proto
@@ -2,7 +2,7 @@ syntax = "proto3";
package api.sync.v1;
option go_package="github.com/apache/servicecomb-service-center/api/sync/v1;v1";
message EventList {
- repeated Event Events= 1;
+ repeated Event events= 1;
}
message Event {
string id = 1; //entity id
diff --git a/examples/service_center/body/create_role_perms.json b/examples/service_center/body/create_role_perms.json
new file mode 100644
index 0000000..31def86
--- /dev/null
+++ b/examples/service_center/body/create_role_perms.json
@@ -0,0 +1,73 @@
+{
+ "name": "ISVa",
+ "perms": [
+ {
+ "resources": [
+ {
+ "type": "service"
+ }
+ ],
+ "verbs": [
+ "get"
+ ]
+ },
+ {
+ "resources": [
+ {
+ "type": "service",
+ "labels": {
+ "serviceName": "order-service",
+ "app": "mall"
+ }
+ }
+ ],
+ "verbs": [
+ "update",
+ "delete"
+ ]
+ },
+ {
+ "resources": [
+ {
+ "type": "config",
+ "match": "any",
+ "labels": {
+ "serviceName": "order-service",
+ "app": "mall"
+ }
+ }
+ ],
+ "verbs": [
+ "*"
+ ]
+ },
+ {
+ "resources": [
+ {
+ "type": "config",
+ "match": "exact", //default is "any"
+ "labels": {
+ "app": "mall"
+ }
+ }
+ ],
+ "verbs": [
+ "get"
+ ]
+ }, {
+ "resources": [
+ {
+ "type": "config",
+ "match": "exact", //default is "any"
+ "labels": {
+ "environment": "testing",
+ "app": "mall"
+ }
+ }
+ ],
+ "verbs": [
+ "*"
+ ]
+ }
+ ]
+}
\ No newline at end of file
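Review bot: The two `//default is "any"` comments on the `"match": "exact"` lines make this file invalid JSON, so a strict parser will reject it if it is sent as a request body unchanged; the remark belongs in the README or API docs rather than in the example. The comment also implies that the second `perms` entry, which grants `update` and `delete` on `service` and omits `match`, falls back to `"any"`. If `any` means a resource qualifies when any one label matches (not shown in this commit, so confirm), that is the broader setting. The example should then spell out `"match"` on every labelled resource, including the entries granting `"*"` verbs, so role authors do not copy a wider scope than intended.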