// Copyright 2019 Yunion // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package mcclient import ( "fmt" "reflect" "strings" "time" "yunion.io/x/jsonutils" "yunion.io/x/pkg/gotypes" api "yunion.io/x/onecloud/pkg/apis/identity" ) type SSimpleToken struct { Token string Domain string DomainId string User string UserId string Project string `json:"tenant"` ProjectId string `json:"tenant_id"` ProjectDomain string ProjectDomainId string Roles string RoleIds string Expires time.Time SystemAccount bool Context SAuthContext } func (self *SSimpleToken) GetTokenString() string { return self.Token } func (self *SSimpleToken) GetDomainId() string { return self.DomainId } func (self *SSimpleToken) GetDomainName() string { return self.Domain } func (self *SSimpleToken) GetTenantId() string { return self.ProjectId } func (self *SSimpleToken) GetTenantName() string { return self.Project } func (self *SSimpleToken) GetProjectId() string { return self.ProjectId } func (self *SSimpleToken) GetProjectName() string { return self.Project } func (self *SSimpleToken) GetProjectDomainId() string { if len(self.ProjectDomainId) == 0 { return api.DEFAULT_DOMAIN_ID } return self.ProjectDomainId } func (self *SSimpleToken) GetProjectDomain() string { if len(self.ProjectDomain) == 0 { return api.DEFAULT_DOMAIN_NAME } return self.ProjectDomain } func (self *SSimpleToken) GetUserId() string { return self.UserId } func (self *SSimpleToken) GetUserName() string { return self.User } func (self *SSimpleToken) GetRoles() []string { return strings.Split(self.Roles, ",") } func (self *SSimpleToken) GetRoleIds() []string { return strings.Split(self.RoleIds, ",") } func (self *SSimpleToken) GetExpires() time.Time { return self.Expires } func (self *SSimpleToken) IsValid() bool { return self.ValidDuration() > 0 } func (self *SSimpleToken) ValidDuration() time.Duration { return time.Until(self.Expires) } func (self *SSimpleToken) IsAdmin() bool { roles := self.GetRoles() for i := 0; i < len(roles); i++ { if roles[i] == "admin" { return true } } return false } func (self *SSimpleToken) HasSystemAdminPrivilege() bool { return self.IsAdmin() && self.Project == "system" } /*func (this *SSimpleToken) IsAllow(scope rbacscope.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult { if this.isAllow(scope, service, resource, action, extra...) { return rbacutils.PolicyAllow } else { return rbacutils.PolicyDeny } } func (this *SSimpleToken) isAllow(scope rbacscope.TRbacScope, service string, resource string, action string, extra ...string) bool { if scope == rbacscope.ScopeSystem || scope == rbacscope.ScopeDomain { return this.HasSystemAdminPrivilege() } else { return true } }*/ func (self *SSimpleToken) GetRegions() []string { return nil } func (self *SSimpleToken) Len() int { return 0 } func (self *SSimpleToken) getServiceURL(service, region, zone, endpointType string) (string, error) { return "", fmt.Errorf("Not available") } func (self *SSimpleToken) getServiceURLs(service, region, zone, endpointType string) ([]string, error) { return nil, fmt.Errorf("Not available") } func (this *SSimpleToken) GetServicesByInterface(region string, infType string) []ExternalService { return nil } func (self *SSimpleToken) GetInternalServices(region string) []string { return nil } func (self *SSimpleToken) GetExternalServices(region string) []ExternalService { return nil } func (this *SSimpleToken) GetEndpoints(region string, endpointType string) []Endpoint { return nil } func (this *SSimpleToken) GetServiceCatalog() IServiceCatalog { return nil } func (this *SSimpleToken) IsSystemAccount() bool { return this.SystemAccount } func (this *SSimpleToken) GetLoginSource() string { return this.Context.Source } func (this *SSimpleToken) GetLoginIp() string { return this.Context.Ip } func SimplifyToken(token TokenCredential) TokenCredential { simToken, ok := token.(*SSimpleToken) if ok { return simToken } return &SSimpleToken{Token: token.GetTokenString(), Domain: token.GetDomainName(), DomainId: token.GetDomainId(), User: token.GetUserName(), UserId: token.GetUserId(), Project: token.GetProjectName(), ProjectId: token.GetProjectId(), ProjectDomain: token.GetProjectDomain(), ProjectDomainId: token.GetProjectDomainId(), Roles: strings.Join(token.GetRoles(), ","), RoleIds: strings.Join(token.GetRoleIds(), ","), Expires: token.GetExpires(), Context: SAuthContext{ Source: token.GetLoginSource(), Ip: token.GetLoginIp(), }, SystemAccount: token.IsSystemAccount(), } } func (self *SSimpleToken) GetCatalogData(serviceTypes []string, region string) jsonutils.JSONObject { return nil } func (self *SSimpleToken) String() string { return self.ToJson().String() } func (self *SSimpleToken) IsZero() bool { return len(self.UserId) == 0 && len(self.ProjectId) == 0 } func (self *SSimpleToken) ToJson() jsonutils.JSONObject { return jsonutils.Marshal(self) } var TokenCredentialType reflect.Type func init() { TokenCredentialType = reflect.TypeOf((*TokenCredential)(nil)).Elem() gotypes.RegisterSerializable(TokenCredentialType, func() gotypes.ISerializable { return &SSimpleToken{} }) }