diff --git a/main.go b/main.go index 92cca1dd..cc9052eb 100644 --- a/main.go +++ b/main.go @@ -7,6 +7,7 @@ import ( "infini.sh/console/model" "infini.sh/console/model/alerting" "infini.sh/console/model/gateway" + "infini.sh/console/model/rbac" _ "infini.sh/console/plugin" "infini.sh/framework" "infini.sh/framework/core/elastic" @@ -49,7 +50,7 @@ func main() { terminalFooter := "" app := framework.NewApp("console", "INFINI Cloud Console, The easiest way to operate your own elasticsearch platform.", - config.Version,config.BuildNumber, config.LastCommitLog, config.BuildDate, config.EOLDate, terminalHeader, terminalFooter) + config.Version, config.BuildNumber, config.LastCommitLog, config.BuildDate, config.EOLDate, terminalHeader, terminalFooter) app.Init(nil) defer app.Shutdown() @@ -58,11 +59,10 @@ func main() { if app.Setup(func() { err := bootstrapRequirementCheck() - if err !=nil{ + if err != nil { panic(err) } - //load core modules first module.RegisterSystemModule(&elastic2.ElasticModule{}) module.RegisterSystemModule(&filter.FilterModule{}) 
@@ -117,20 +117,19 @@ func main() { module.Start() - orm.RegisterSchemaWithIndexName(model.Dict{}, "dict") orm.RegisterSchemaWithIndexName(model.Reindex{}, "reindex") orm.RegisterSchemaWithIndexName(elastic.View{}, "view") orm.RegisterSchemaWithIndexName(alerting.Alert{}, "alerting-alerts") orm.RegisterSchemaWithIndexName(elastic.CommonCommand{}, "commands") orm.RegisterSchemaWithIndexName(elastic.TraceTemplate{}, "trace-template") - orm.RegisterSchemaWithIndexName(gateway.Instance{} , "gateway-instance") - orm.RegisterSchemaWithIndexName(alerting.Rule{} , "alert-rule") - orm.RegisterSchemaWithIndexName(alerting.Alert{} , "alert-history") - + orm.RegisterSchemaWithIndexName(gateway.Instance{}, "gateway-instance") + orm.RegisterSchemaWithIndexName(alerting.Rule{}, "alert-rule") + orm.RegisterSchemaWithIndexName(alerting.Alert{}, "alert-history") + orm.RegisterSchemaWithIndexName(rbac.Role{}, "rbac-role") + orm.RegisterSchemaWithIndexName(rbac.User{}, "rbac-user") api.RegisterSchema() - }, nil) { app.Run() } diff --git a/plugin/api/rbac/biz/role.go b/plugin/api/rbac/biz/role.go new file mode 100644 index 00000000..2a3afdb7 --- /dev/null +++ b/plugin/api/rbac/biz/role.go 
@@ -0,0 +1,77 @@
+package biz
+
+import (
+ "fmt"
+ "infini.sh/console/model/rbac"
+ "infini.sh/console/plugin/api/rbac/dto"
+ "infini.sh/framework/core/util"
+ "time"
+
+ "infini.sh/framework/core/orm"
+)
+
+func CreateRole(req dto.CreateRoleReq) (id string, err error) {
+
+ q := &orm.Query{Size: 1000}
+ q.Conds = orm.And(orm.Eq("name", req.Name))
+
+ err, result := orm.Search(rbac.Role{}, q)
+ if err != nil {
+ return
+ }
+
+ fmt.Println(string(result.Raw))
+ role := &rbac.Role{
+ Name: req.Name,
+ Description: req.Description,
+ RoleType: req.RoleType,
+ Permission: req.Permission,
+ }
+ role.ID = util.GetUUID()
+ role.Created = time.Now()
+ role.Updated = time.Now()
+ err = orm.Save(role)
+ return
+}
+func DeleteRole(id string) (err error) {
+ role := &rbac.Role{}
+ role.ID = id
+ _, err = orm.Get(&role)
+ if err != nil {
+ return
+ }
+ return orm.Delete(role)
+}
+func isExistRole(o interface{}) (err error) {
+ _, err = orm.Get(o)
+ if err != nil {
+ return
+ }
+
+ return
+}
+func UpdateRole(id string, req dto.UpdateRoleReq) (err error) {
+ role := rbac.Role{}
+ role.ID = id
+ _, err = orm.Get(&role)
+ if err != nil {
+ return
+ }
+ role.Description = req.Description
+ role.Permission = req.Permission
+ err = orm.Save(role)
+ return
+}
+func GetRole(id string) (role rbac.Role, err error) {
+
+ role.ID = id
+ _, err = orm.Get(&role)
+ if err != nil {
+ return
+ }
+
+ return
+}
+func SearchRole() (roles []rbac.Role, err error) {
+ return
+}
diff --git a/plugin/api/rbac/dto/role.go b/plugin/api/rbac/dto/role.go
new file mode 100644
index 00000000..3cc4b816
--- /dev/null
+++ b/plugin/api/rbac/dto/role.go
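Review bot: In CreateRole the name lookup is never acted on: `result` is only passed to `fmt.Println(string(result.Raw))`, so a second role with the same name is still saved, and the raw search response (presumably the stored role documents) goes to stdout on every create. Replace the print with a check that rejects the request when the search returned a hit, and build the role only after that check. DeleteRole declares `role := &rbac.Role{}` and then calls `orm.Get(&role)`, which passes a pointer to a pointer; `orm.Get(role)` would match what GetRole and UpdateRole pass. UpdateRole saves without refreshing `role.Updated` and passes the role by value (`orm.Save(role)`) where CreateRole passes a pointer, and `req.Permission` is stored as received with no check of its shape. isExistRole is not called and SearchRole is an empty stub in this file; each needs either a doc comment stating the intent or removal.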
@@ -0,0 +1,18 @@
+package dto
+
+type CreateRoleReq struct {
+ Name string `json:"name"`
+ Description string `json:"description" `
+ RoleType string `json:"type" `
+ Permission interface{} `json:"permission"`
+}
+type UpdateRoleReq struct {
+ Description string `json:"description" `
+ Permission interface{} `json:"permission"`
+}
+type ElasticsearchPermission struct {
+ Cluster []string `json:"cluster" `
+ Index []string `json:"index" `
+ ClusterPrivilege []string `json:"cluster_privilege" `
+ IndexPrivilege []string `json:"index_privilege" `
+}
diff --git a/plugin/api/rbac/init.go b/plugin/api/rbac/init.go
index e1b434d8..fde96f46 100644
--- a/plugin/api/rbac/init.go
+++ b/plugin/api/rbac/init.go
@@ -16,11 +16,16 @@ type Rbac struct {
 func registerRouter() {
 r := Rbac{}
 api.HandleAPIMethod(api.GET, "/permission/:type", r.ListPermission)
- api.HandleAPIMethod(api.POST, "/role", r.CreateRole)
+ api.HandleAPIMethod(api.POST, "/role/:type", r.CreateRole)
 api.HandleAPIMethod(api.GET, "/role/:id", r.GetRole)
 api.HandleAPIMethod(api.DELETE, "/role/:id", r.DeleteRole)
 api.HandleAPIMethod(api.PUT, "/role/:id", r.UpdateRole)
- api.HandleAPIMethod(api.GET, "/roles", r.ListRole)
+ api.HandleAPIMethod(api.GET, "/roles/:type", r.ListRole)
+
+ api.HandleAPIMethod(api.GET, "/user/:id", r.ListRole)
+ api.HandleAPIMethod(api.GET, "/users", r.ListRole)
+ api.HandleAPIMethod(api.DELETE, "/user/:id", r.ListRole)
+ api.HandleAPIMethod(api.GET, "/users", r.ListRole)
 }
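Review bot: `Permission interface{}` in CreateRoleReq and UpdateRoleReq accepts any JSON value, and nothing in this commit ties it to `ElasticsearchPermission`, which is declared here but not referenced by either request type. For a field that defines what a role may do, decode into a concrete type per role type, or validate the decoded value before it is saved, so that malformed or unexpected permission documents are rejected at the API boundary. `RoleType` is also read from the body while the route carries `:type`; one of the two should be authoritative. The exported types have no doc comments; a line such as `// CreateRoleReq is the JSON body of POST /role/:type.` on each would help.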
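Review bot: The four new user routes in registerRouter are all bound to `r.ListRole`, including `api.DELETE, "/user/:id"`, and `api.GET, "/users"` is registered twice. ListRole reads `ps.MustGetParameter("type")`, which none of the user paths define, so these look like placeholders that will fail or misbehave at request time; depending on how the router treats a repeated method and path, the duplicate line may also fail at startup. I would leave the user routes out until user handlers exist, or bind each to its own handler and drop the duplicate registration.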
@@ -50,3 +55,35 @@ func init() {
 registerRouter()
 loadJsonConfig()
 }
+
+type Response struct {
+ Hit interface{} `json:"hit,omitempty"`
+ Id string `json:"_id,omitempty"`
+ Result string `json:"result,omitempty"`
+ Found bool `json:"found,omitempty"`
+}
+
+func CreateResponse(id string) Response {
+ return Response{
+ Id: id,
+ Result: "created",
+ }
+}
+func UpdateResponse(id string) Response {
+ return Response{
+ Id: id,
+ Result: "updated",
+ }
+}
+func DeleteResponse(id string) Response {
+ return Response{
+ Id: id,
+ Result: "deleted",
+ }
+}
+func NotFoundResponse(id string) Response {
+ return Response{
+ Id: id,
+ Found: false,
+ }
+}
diff --git a/plugin/api/rbac/permission.go b/plugin/api/rbac/permission.go
index f502043e..c4222b4c 100644
--- a/plugin/api/rbac/permission.go
+++ b/plugin/api/rbac/permission.go
@@ -15,10 +15,6 @@ const (
 Elastisearch RoleType = "elasticsearch"
 )
-type Response struct {
- Hit interface{} `json:"hit"`
-}
-
 func validateRoleType(roleType RoleType) (err error) {
 if roleType != Console && roleType != Elastisearch {
 err = errors.New("unsupport type parmeter " + roleType)
diff --git a/plugin/api/rbac/role.go b/plugin/api/rbac/role.go
index dc647dce..c75bd8bf 100644
--- a/plugin/api/rbac/role.go
+++ b/plugin/api/rbac/role.go
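Review bot: NotFoundResponse sets `Found: false`, but the field is tagged `json:"found,omitempty"`, so (assuming WriteJSON follows encoding/json semantics) the key is omitted and the body carries only `_id`; a client cannot recognise a not-found answer from it. Either drop `omitempty` from `Found` or make the field `*bool` so that false is serialized. `Id` would be `ID` under Go naming conventions (the JSON tag keeps the wire name unchanged). The exported type and its constructors need doc comments, e.g. `// Response is the JSON envelope returned by the rbac handlers.`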
@@ -2,34 +2,45 @@ package rbac
 import (
 log "github.com/cihub/seelog"
+ "infini.sh/console/plugin/api/rbac/biz"
+ "infini.sh/console/plugin/api/rbac/dto"
 httprouter "infini.sh/framework/core/api/router"
 "net/http"
 )
-type CreateRoleReq struct {
- Name string `json:"name"`
- Description string `json:"description" `
- RoleType string `json:"type" `
- Permission interface{} `json:"permission"`
-}
-type ElasticsearchPermission struct {
- Cluster []string `json:"cluster" `
- Index []string `json:"index" `
- ClusterPrivilege []string `json:"cluster_privilege" `
- IndexPrivilege []string `json:"index_privilege" `
-}
-
-func (h Rbac) CreateRole(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
+func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 roleType := ps.MustGetParameter("type")
- err := validateRoleType(roleType)
+ var err error
+ err = validateRoleType(roleType)
 if err != nil {
 _ = log.Error(err.Error())
 _ = h.WriteError(w, err.Error(), http.StatusInternalServerError)
 return
 }
+ var id string
+
+ switch roleType {
+ case Console:
+ var req dto.CreateRoleReq
+ err = h.DecodeJSON(r, &req)
+ if err != nil {
+ _ = h.WriteError(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ id, err = biz.CreateRole(req)
+ }
+ if err != nil {
+ _ = log.Error(err.Error())
+ _ = h.WriteError(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ _ = h.WriteJSON(w, CreateResponse(id), http.StatusOK)
+ return
 }
-func (h Rbac) ListRole(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
+
+func (h Rbac) ListRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 roleType := ps.MustGetParameter("type")
 err := validateRoleType(roleType)
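Review bot: In CreateRole the `switch roleType` has only a `case Console:` branch, so a request with the other type that validateRoleType accepts (`Elastisearch`) leaves the switch with `err == nil` and `id == ""` and is answered with `CreateResponse("")` and 200 although nothing was stored. Add a branch that rejects it, e.g. `default: _ = h.WriteError(w, "role type not supported yet", http.StatusBadRequest); return`. The validated path parameter is also not passed on: biz.CreateRole stores `req.RoleType` from the body, so the stored type can differ from the one in the URL; `req.RoleType = roleType` before the call would keep them consistent. Every error path here, and in GetRole, DeleteRole and UpdateRole in the next hunk, answers 500 with `err.Error()`; a DecodeJSON or validation failure should be `http.StatusBadRequest`, and storage-layer error text should be logged rather than returned to the client.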
@@ -38,14 +49,48 @@ func (h Rbac) ListRole(w http.ResponseWriter, req *http.Request, ps httprouter.P
 _ = h.WriteError(w, err.Error(), http.StatusInternalServerError)
 return
 }
+ return
 }
-func (h Rbac) GetRole(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
- _ = ps.MustGetParameter("id")
+func (h Rbac) GetRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ id := ps.MustGetParameter("id")
+ role, err := biz.GetRole(id)
+
+ if err != nil {
+ _ = log.Error(err.Error())
+ _ = h.WriteError(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ h.WriteJSON(w, Response{Hit: role}, http.StatusOK)
+ return
 }
-func (h Rbac) DeleteRole(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
- _ = ps.MustGetParameter("id")
+
+func (h Rbac) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ id := ps.MustGetParameter("id")
+ err := biz.DeleteRole(id)
+ if err != nil {
+ _ = log.Error(err.Error())
+ _ = h.WriteError(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ _ = h.WriteJSON(w, DeleteResponse(id), http.StatusOK)
 }
-func (h Rbac) UpdateRole(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
- _ = ps.MustGetParameter("id")
+
+func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+ id := ps.MustGetParameter("id")
+ var req dto.UpdateRoleReq
+ err := h.DecodeJSON(r, &req)
+ if err != nil {
+ _ = h.WriteError(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ err = biz.UpdateRole(id, req)
+
+ if err != nil {
+ _ = log.Error(err.Error())
+ _ = h.WriteError(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ _ = h.WriteJSON(w, UpdateResponse(id), http.StatusOK)
+ return
 }
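Review bot: GetRole, DeleteRole and UpdateRole treat a role id that does not exist like a backend fault: whatever biz returns becomes a 500, and the `NotFoundResponse` helper this commit adds in init.go is not called anywhere in the diff. Distinguish the not-found case in biz (a sentinel error checked with `errors.Is` would do) and answer it with `http.StatusNotFound`. None of these handlers checks the caller before reading, changing or deleting a role; if authentication and permission checks are not applied by the router outside this diff, they need to be in place before the routes are exposed. GetRole calls `h.WriteJSON(...)` without the `_ =` used in the other handlers, and the ListRole body starts outside this hunk.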