Posted to commits@servicecomb.apache.org by li...@apache.org on 2021/05/19 09:29:15 UTC
[servicecomb-service-center] branch master updated: SCB-2176
Standardize RBAC APIs (#983)
This is an automated email from the ASF dual-hosted git repository.
littlecui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
The following commit(s) were added to refs/heads/master by this push:
new c724993 SCB-2176 Standardize RBAC APIs (#983)
c724993 is described below
commit c72499314a8b6ff73c91030caa6ae6ccf594e5cf
Author: little-cui <su...@qq.com>
AuthorDate: Wed May 19 17:29:04 2021 +0800
SCB-2176 Standardize RBAC APIs (#983)
---
server/plugin/auth/buildin/buidlin_test.go | 8 +++----
server/resource/v4/auth_resource.go | 10 ++++-----
server/resource/v4/rbac_resource_test.go | 36 +++++++++++++++---------------
server/resource/v4/role_resource.go | 10 ++++-----
server/service/rbac/resource.go | 4 ++--
5 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/server/plugin/auth/buildin/buidlin_test.go b/server/plugin/auth/buildin/buidlin_test.go
index 063ab3f..b68bf9e 100644
--- a/server/plugin/auth/buildin/buidlin_test.go
+++ b/server/plugin/auth/buildin/buidlin_test.go
@@ -95,7 +95,7 @@ func TestTokenAuthenticator_Identify(t *testing.T) {
assert.Error(t, err)
})
t.Run("valid admin token, should be able to get account", func(t *testing.T) {
- r := httptest.NewRequest(http.MethodGet, "/v4/account", nil)
+ r := httptest.NewRequest(http.MethodGet, "/v4/accounts", nil)
to, err := authr.Login(context.TODO(), "root", "Complicated_password1")
assert.NoError(t, err)
r.Header.Set(restful.HeaderAuth, "Bear "+to)
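Review bot: The unchanged line `r.Header.Set(restful.HeaderAuth, "Bear "+to)` at the end of this hunk sends the scheme word `Bear`, while rbac_resource_test.go in the same commit sends `"Bearer "+to.TokenStr`. If this subtest passes as written, the authenticator presumably accepts any scheme word in front of the token, which is worth confirming against its implementation (not visible here). I would change the line to `r.Header.Set(restful.HeaderAuth, "Bearer "+to)` and cover a wrong scheme in a separate subtest that expects an error. The same header value appears in the next hunk (`@@ -105,7 +105,7 @@`); TestTokenAuthenticator_Identify starts and ends outside both hunks.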
@@ -105,7 +105,7 @@ func TestTokenAuthenticator_Identify(t *testing.T) {
t.Run("valid normal token, should no be able to get account", func(t *testing.T) {
err := dao.CreateAccount(context.TODO(), &rbacmodel.Account{Name: "non-admin", Password: "Complicated_password1"})
assert.NoError(t, err)
- r := httptest.NewRequest(http.MethodGet, "/v4/account", nil)
+ r := httptest.NewRequest(http.MethodGet, "/v4/accounts", nil)
to, err := authr.Login(context.TODO(), "non-admin", "Complicated_password1")
assert.NoError(t, err)
r.Header.Set(restful.HeaderAuth, "Bear "+to)
@@ -114,7 +114,7 @@ func TestTokenAuthenticator_Identify(t *testing.T) {
assert.Error(t, err)
})
t.Run("valid normal token, should no be able to delete account", func(t *testing.T) {
- r := httptest.NewRequest(http.MethodDelete, "/v4/account", nil)
+ r := httptest.NewRequest(http.MethodDelete, "/v4/accounts", nil)
v := r.URL.Query()
v.Set(":name", "non-admin")
to, err := authr.Login(context.TODO(), "non-admin", "Complicated_password1")
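Review bot: The deny case built here issues DELETE against `/v4/accounts`, but `AuthResource.URLPatterns` in auth_resource.go registers DELETE on `/v4/accounts/:name`, and the admin allow case in the next hunk uses `/v4/accounts/:name`. A rejection on a path that is not the delete route does not show that a non-admin token is refused on the real one, so the subtest can pass for the wrong reason. I would use the same pattern in both cases: `r := httptest.NewRequest(http.MethodDelete, "/v4/accounts/:name", nil)`. Note also that `v := r.URL.Query()` returns a copy, so `v.Set(":name", ...)` only reaches the request if it is written back with `r.URL.RawQuery = v.Encode()`; whether that happens is below the hunk.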
@@ -125,7 +125,7 @@ func TestTokenAuthenticator_Identify(t *testing.T) {
assert.Error(t, err)
})
t.Run("valid admin token, should be able to delete account", func(t *testing.T) {
- r := httptest.NewRequest(http.MethodDelete, "/v4/account/:name", nil)
+ r := httptest.NewRequest(http.MethodDelete, "/v4/accounts/:name", nil)
v := r.URL.Query()
v.Set(":name", "admin")
to, err := authr.Login(context.TODO(), "root", "Complicated_password1")
diff --git a/server/resource/v4/auth_resource.go b/server/resource/v4/auth_resource.go
index c89b363..ab54e1f 100644
--- a/server/resource/v4/auth_resource.go
+++ b/server/resource/v4/auth_resource.go
@@ -45,11 +45,11 @@ type AuthResource struct {
func (r *AuthResource) URLPatterns() []rest.Route {
return []rest.Route{
{Method: http.MethodPost, Path: "/v4/token", Func: r.Login},
- {Method: http.MethodPost, Path: "/v4/account", Func: r.CreateAccount},
- {Method: http.MethodGet, Path: "/v4/account", Func: r.ListAccount},
- {Method: http.MethodGet, Path: "/v4/account/:name", Func: r.GetAccount},
- {Method: http.MethodDelete, Path: "/v4/account/:name", Func: r.DeleteAccount},
- {Method: http.MethodPost, Path: "/v4/account/:name/password", Func: r.ChangePassword},
+ {Method: http.MethodPost, Path: "/v4/accounts", Func: r.CreateAccount},
+ {Method: http.MethodGet, Path: "/v4/accounts", Func: r.ListAccount},
+ {Method: http.MethodGet, Path: "/v4/accounts/:name", Func: r.GetAccount},
+ {Method: http.MethodDelete, Path: "/v4/accounts/:name", Func: r.DeleteAccount},
+ {Method: http.MethodPost, Path: "/v4/accounts/:name/password", Func: r.ChangePassword},
}
}
func (r *AuthResource) CreateAccount(w http.ResponseWriter, req *http.Request) {
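Review bot: The five account paths in `URLPatterns` are string literals that repeat the value of `APIAccountList` changed in server/service/rbac/resource.go, and role_resource.go does the same with `APIRoleList`. This commit had to edit each copy by hand; if a later rename misses one and the RBAC layer matches requests against those variables, the route and its permission mapping stop agreeing, and how an unmatched path is treated is not visible in this diff. If the import graph allows it, build the paths from the shared value, e.g. `{Method: http.MethodGet, Path: rbac.APIAccountList, Func: r.ListAccount}`; otherwise a comment on `URLPatterns` naming the file that must change with it would help. The old `/v4/account` paths are removed with no alias, which is worth stating in the commit message for API consumers.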
diff --git a/server/resource/v4/rbac_resource_test.go b/server/resource/v4/rbac_resource_test.go
index 0668ac6..6a6bace 100644
--- a/server/resource/v4/rbac_resource_test.go
+++ b/server/resource/v4/rbac_resource_test.go
@@ -117,7 +117,7 @@ func TestAuthResource_Login(t *testing.T) {
t.Run("create dev_account", func(t *testing.T) {
b, _ := json.Marshal(&rbacmodel.Account{Name: "dev_account", Password: "Complicated_password1", Roles: []string{"developer"}})
- r, _ := http.NewRequest(http.MethodPost, "/v4/account", bytes.NewBuffer(b))
+ r, _ := http.NewRequest(http.MethodPost, "/v4/accounts", bytes.NewBuffer(b))
r.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w, r)
@@ -133,7 +133,7 @@ func TestAuthResource_Login(t *testing.T) {
assert.Equal(t, http.StatusOK, w.Code)
b2, _ := json.Marshal(&rbacmodel.Account{Name: "dev_account", CurrentPassword: "Complicated_password1", Password: "Complicated_password2"})
- r2, _ := http.NewRequest(http.MethodPost, "/v4/account/dev_account/password", bytes.NewBuffer(b2))
+ r2, _ := http.NewRequest(http.MethodPost, "/v4/accounts/dev_account/password", bytes.NewBuffer(b2))
r2.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w2 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w2, r2)
@@ -158,7 +158,7 @@ func TestAuthResource_DeleteAccount(t *testing.T) {
devTo := &rbacmodel.Token{}
json.Unmarshal(w.Body.Bytes(), devTo)
- r2, _ := http.NewRequest(http.MethodDelete, "/v4/account/dev_account", nil)
+ r2, _ := http.NewRequest(http.MethodDelete, "/v4/accounts/dev_account", nil)
r2.Header.Set(restful.HeaderAuth, "Bearer "+devTo.TokenStr)
w2 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w2, r2)
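Review bot: `json.Unmarshal(w.Body.Bytes(), devTo)` and `r2, _ := http.NewRequest(...)` both discard their errors, so a failed login leaves `devTo.TokenStr` empty and the DELETE goes out with a bare `Bearer ` header. If the assertion after this hunk expects the developer token to be refused, an empty token would satisfy it just as well, and the test would no longer prove the permission check. I would assert the token first: `assert.NoError(t, json.Unmarshal(w.Body.Bytes(), devTo))` followed by `assert.NotEmpty(t, devTo.TokenStr)`. The same pattern recurs in the hunks at `@@ -174,13`, `@@ -197,7`, `@@ -218,7`, `@@ -248,7` and `@@ -342,13` of this file.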
@@ -174,13 +174,13 @@ func TestAuthResource_DeleteAccount(t *testing.T) {
json.Unmarshal(w.Body.Bytes(), to)
b, _ = json.Marshal(&rbacmodel.Account{Name: "delete_account", Password: "Complicated_password1"})
- r2, _ := http.NewRequest(http.MethodPost, "/v4/account", bytes.NewBuffer(b))
+ r2, _ := http.NewRequest(http.MethodPost, "/v4/accounts", bytes.NewBuffer(b))
r2.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w2 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w2, r2)
assert.Equal(t, http.StatusOK, w2.Code)
- r3, _ := http.NewRequest(http.MethodDelete, "/v4/account/delete_account", nil)
+ r3, _ := http.NewRequest(http.MethodDelete, "/v4/accounts/delete_account", nil)
r3.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w3 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w3, r3)
@@ -197,7 +197,7 @@ func TestAuthResource_GetAccount(t *testing.T) {
to := &rbacmodel.Token{}
json.Unmarshal(w.Body.Bytes(), to)
- r3, _ := http.NewRequest(http.MethodGet, "/v4/account/dev_account", nil)
+ r3, _ := http.NewRequest(http.MethodGet, "/v4/accounts/dev_account", nil)
r3.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w3 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w3, r3)
@@ -218,7 +218,7 @@ func TestAuthResource_GetAccount(t *testing.T) {
to := &rbacmodel.Token{}
json.Unmarshal(w.Body.Bytes(), to)
- r3, _ := http.NewRequest(http.MethodGet, "/v4/account", nil)
+ r3, _ := http.NewRequest(http.MethodGet, "/v4/accounts", nil)
r3.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w3 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w3, r3)
@@ -248,7 +248,7 @@ func TestAuthResource_GetAccount(t *testing.T) {
json.Unmarshal(w.Body.Bytes(), to)
time.Sleep(11 * time.Second)
- r3, _ := http.NewRequest(http.MethodGet, "/v4/account", nil)
+ r3, _ := http.NewRequest(http.MethodGet, "/v4/accounts", nil)
r3.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w3 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w3, r3)
@@ -277,7 +277,7 @@ func TestRoleResource_CreateOrUpdateRole(t *testing.T) {
t.Run("create account dev_test and add a role", func(t *testing.T) {
b, _ := json.Marshal(&rbacmodel.Account{Name: "dev_test", Password: "Complicated_password3", Roles: []string{"tester"}})
- r, _ := http.NewRequest(http.MethodPost, "/v4/account", bytes.NewBuffer(b))
+ r, _ := http.NewRequest(http.MethodPost, "/v4/accounts", bytes.NewBuffer(b))
r.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w, r)
@@ -304,13 +304,13 @@ func TestRoleResource_CreateOrUpdateRole(t *testing.T) {
},
})
- r2, _ := http.NewRequest(http.MethodPost, "/v4/role", bytes.NewReader(b2))
+ r2, _ := http.NewRequest(http.MethodPost, "/v4/roles", bytes.NewReader(b2))
r2.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w2 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w2, r2)
assert.Equal(t, http.StatusOK, w2.Code)
- r3, _ := http.NewRequest(http.MethodGet, "/v4/role", nil)
+ r3, _ := http.NewRequest(http.MethodGet, "/v4/roles", nil)
r3.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w3 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w3, r3)
@@ -325,7 +325,7 @@ func TestRoleResource_CreateOrUpdateRole(t *testing.T) {
},
},
})
- r4, _ := http.NewRequest(http.MethodPut, "/v4/role/tester", bytes.NewReader(b4))
+ r4, _ := http.NewRequest(http.MethodPut, "/v4/roles/tester", bytes.NewReader(b4))
r4.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w4 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w4, r4)
@@ -342,13 +342,13 @@ func TestRoleResource_CreateOrUpdateRole(t *testing.T) {
to := &rbacmodel.Token{}
json.Unmarshal(w.Body.Bytes(), to)
- r2, _ := http.NewRequest(http.MethodGet, "/v4/role/admin", nil)
+ r2, _ := http.NewRequest(http.MethodGet, "/v4/roles/admin", nil)
r2.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w2 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w2, r2)
assert.Equal(t, http.StatusOK, w2.Code)
- r3, _ := http.NewRequest(http.MethodDelete, "/v4/role/admin", nil)
+ r3, _ := http.NewRequest(http.MethodDelete, "/v4/roles/admin", nil)
r3.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w3 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w3, r3)
@@ -387,7 +387,7 @@ func TestRoleResource_MoreRoles(t *testing.T) {
},
})
- r, _ := http.NewRequest(http.MethodPost, "/v4/role", bytes.NewReader(b))
+ r, _ := http.NewRequest(http.MethodPost, "/v4/roles", bytes.NewReader(b))
r.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w, r)
@@ -405,13 +405,13 @@ func TestRoleResource_MoreRoles(t *testing.T) {
},
})
- r, _ := http.NewRequest(http.MethodPost, "/v4/role", bytes.NewReader(b))
+ r, _ := http.NewRequest(http.MethodPost, "/v4/roles", bytes.NewReader(b))
r.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w, r)
assert.Equal(t, http.StatusOK, w.Code)
- r2, _ := http.NewRequest(http.MethodGet, "/v4/role", nil)
+ r2, _ := http.NewRequest(http.MethodGet, "/v4/roles", nil)
r2.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w2 := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w2, r2)
@@ -421,7 +421,7 @@ func TestRoleResource_MoreRoles(t *testing.T) {
t.Run("account dev_test2 support more than 1 role ", func(t *testing.T) {
b, _ := json.Marshal(&rbacmodel.Account{Name: "dev_test2", Password: "Complicated_password3", Roles: []string{"tester", "tester2"}})
- r, _ := http.NewRequest(http.MethodPost, "/v4/account", bytes.NewBuffer(b))
+ r, _ := http.NewRequest(http.MethodPost, "/v4/accounts", bytes.NewBuffer(b))
r.Header.Set(restful.HeaderAuth, "Bearer "+to.TokenStr)
w := httptest.NewRecorder()
rest.GetRouter().ServeHTTP(w, r)
diff --git a/server/resource/v4/role_resource.go b/server/resource/v4/role_resource.go
index fe12d30..57e6867 100644
--- a/server/resource/v4/role_resource.go
+++ b/server/resource/v4/role_resource.go
@@ -42,11 +42,11 @@ type RoleResource struct {
//URLPatterns define http pattern
func (r *RoleResource) URLPatterns() []rest.Route {
return []rest.Route{
- {Method: http.MethodGet, Path: "/v4/role", Func: r.GetRolePermission},
- {Method: http.MethodPost, Path: "/v4/role", Func: r.CreateRolePermission},
- {Method: http.MethodPut, Path: "/v4/role/:roleName", Func: r.UpdateRolePermission},
- {Method: http.MethodGet, Path: "/v4/role/:roleName", Func: r.GetRole},
- {Method: http.MethodDelete, Path: "/v4/role/:roleName", Func: r.DeleteRole},
+ {Method: http.MethodGet, Path: "/v4/roles", Func: r.GetRolePermission},
+ {Method: http.MethodPost, Path: "/v4/roles", Func: r.CreateRolePermission},
+ {Method: http.MethodPut, Path: "/v4/roles/:roleName", Func: r.UpdateRolePermission},
+ {Method: http.MethodGet, Path: "/v4/roles/:roleName", Func: r.GetRole},
+ {Method: http.MethodDelete, Path: "/v4/roles/:roleName", Func: r.DeleteRole},
}
}
diff --git a/server/service/rbac/resource.go b/server/service/rbac/resource.go
index 6671a37..8043ffc 100644
--- a/server/service/rbac/resource.go
+++ b/server/service/rbac/resource.go
@@ -33,9 +33,9 @@ const (
var (
APITokenGranter = "/v4/token"
- APIAccountList = "/v4/account"
+ APIAccountList = "/v4/accounts"
- APIRoleList = "/v4/role"
+ APIRoleList = "/v4/roles"
APIOps = "/v4/:project/admin"
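Review bot: `APIAccountList` and `APIRoleList` are declared in a `var (` block, so any package importing this one can reassign the paths at run time. If these values feed the permission lookup they should not be mutable; unless something assigns to them elsewhere (not visible here), declare them as constants, e.g. `const APIAccountList = "/v4/accounts"`. Only the collection paths get a name; whether `/v4/accounts/:name` and `/v4/roles/:roleName` are covered by the lookup depends on code outside this hunk, and the block itself continues past it.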