diff --git a/VERSION b/VERSION index 43471100..d49ade8e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.12.13 +1.12.14 diff --git a/pkg/abac/pap/group.go b/pkg/abac/pap/group.go index 711d0fa9..9ce9d523 100644 --- a/pkg/abac/pap/group.go +++ b/pkg/abac/pap/group.go @@ -44,7 +44,7 @@ type GroupController interface { ListPagingSubjectSystemGroups( _type, id, systemID string, beforeExpiredAt, limit, offset int64, ) ([]SubjectGroup, error) - FilterGroupsHasMemberBeforeExpiredAt(subjects []Subject, expiredAt int64) ([]Subject, error) + ListGroupSubjectBeforeExpiredAtBySubjects(subjects []Subject, expiredAt int64) ([]GroupSubject, error) CheckSubjectEffectGroups(_type, id string, groupIDs []string) (map[string]map[string]interface{}, error) GetGroupMemberCount(_type, id string) (int64, error) @@ -141,7 +141,10 @@ func (c *groupController) GetGroupSubjectCountBeforeExpiredAt(expiredAt int64) ( return c.service.GetGroupSubjectCountBeforeExpiredAt(expiredAt) } -func (c *groupController) FilterGroupsHasMemberBeforeExpiredAt(subjects []Subject, expiredAt int64) ([]Subject, error) { +func (c *groupController) ListGroupSubjectBeforeExpiredAtBySubjects( + subjects []Subject, + expiredAt int64, +) ([]GroupSubject, error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "FilterGroupsHasMemberBeforeExpiredAt") svcSubjects := convertToServiceSubjects(subjects) 
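Review bot: The error wrapper under the renamed method still carries the old name: `errorx.NewLayerFunctionErrorWrapf(GroupCTL, "FilterGroupsHasMemberBeforeExpiredAt")` sits directly below the new `ListGroupSubjectBeforeExpiredAtBySubjects` signature, so wrapped errors from this path will name a function that no longer exists. Change it to `errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListGroupSubjectBeforeExpiredAtBySubjects")`. Neither the interface method nor this implementation has a doc comment saying the result is now a list of group-subject relations rather than the filtered groups; a one-line comment such as `// ListGroupSubjectBeforeExpiredAtBySubjects returns the group-subject relations of the given groups that expire before expiredAt.` would help, once confirmed against the service layer. The method body continues past the end of this hunk.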
@@ -150,32 +153,20 @@ func (c *groupController) FilterGroupsHasMemberBeforeExpiredAt(subjects []Subjec return nil, errorWrapf(err, "service.ListPKsBySubjects subjects=`%+v` fail", subjects) } - existGroupPKs, err := c.service.FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt) + svcRelations, err := c.service.ListGroupSubjectBeforeExpiredAtByGroupPKs(groupPKs, expiredAt) if err != nil { return nil, errorWrapf( - err, "service.FilterGroupPKsHasMemberBeforeExpiredAt groupPKs=`%+v`, expiredAt=`%d` fail", + err, "service.ListGroupSubjectBeforeExpiredAtByGroupPKs groupPKs=`%+v`, expiredAt=`%d` fail", groupPKs, expiredAt, ) } - existSubjects, err := cacheimpls.BatchGetSubjectByPKs(existGroupPKs) + relations, err := convertToGroupSubjects(svcRelations) if err != nil { - return nil, errorWrapf( - err, "cacheimpls.BatchGetSubjectByPKs groupPKs=`%+v` fail", - existGroupPKs, - ) - } - - existGroups := make([]Subject, 0, len(existGroupPKs)) - for _, subject := range existSubjects { - existGroups = append(existGroups, Subject{ - Type: subject.Type, - ID: subject.ID, - Name: subject.Name, - }) + return nil, errorWrapf(err, "convertToGroupSubjects svcRelations=`%+v` fail", svcRelations) } - return existGroups, nil + return relations, nil } func (c *groupController) CheckSubjectEffectGroups( diff --git a/pkg/abac/pap/mock/group.go b/pkg/abac/pap/mock/group.go index da0e8745..1286628d 100644 --- a/pkg/abac/pap/mock/group.go +++ b/pkg/abac/pap/mock/group.go 
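Review bot: The new `convertToGroupSubjects` failure path formats the whole `svcRelations` slice into the error with `%+v`, so the full relation list returned by the service becomes part of the error text. The web handler in this commit passes the wrapped error to `util.SystemErrorJSONResponse`, so depending on what that helper echoes (not visible here), membership data could end up in logs or in the response body. The count is enough for diagnosis: `return nil, errorWrapf(err, "convertToGroupSubjects count=%d fail", len(svcRelations))`. The function starts before this hunk, so it is also not visible whether an empty `groupPKs` is short-circuited before the service call.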
@@ -108,21 +108,6 @@ func (mr *MockGroupControllerMockRecorder) DeleteGroupMembers(_type, id, members return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteGroupMembers", reflect.TypeOf((*MockGroupController)(nil).DeleteGroupMembers), _type, id, members) } -// FilterGroupsHasMemberBeforeExpiredAt mocks base method. -func (m *MockGroupController) FilterGroupsHasMemberBeforeExpiredAt(subjects []pap.Subject, expiredAt int64) ([]pap.Subject, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "FilterGroupsHasMemberBeforeExpiredAt", subjects, expiredAt) - ret0, _ := ret[0].([]pap.Subject) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// FilterGroupsHasMemberBeforeExpiredAt indicates an expected call of FilterGroupsHasMemberBeforeExpiredAt. -func (mr *MockGroupControllerMockRecorder) FilterGroupsHasMemberBeforeExpiredAt(subjects, expiredAt interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FilterGroupsHasMemberBeforeExpiredAt", reflect.TypeOf((*MockGroupController)(nil).FilterGroupsHasMemberBeforeExpiredAt), subjects, expiredAt) -} - // GetGroupMemberCount mocks base method. func (m *MockGroupController) GetGroupMemberCount(_type, id string) (int64, error) { m.ctrl.T.Helper() 
@@ -213,6 +198,21 @@ func (mr *MockGroupControllerMockRecorder) GetTemplateGroupMemberCount(_type, id return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetTemplateGroupMemberCount", reflect.TypeOf((*MockGroupController)(nil).GetTemplateGroupMemberCount), _type, id, templateID) } +// ListGroupSubjectBeforeExpiredAtBySubjects mocks base method. +func (m *MockGroupController) ListGroupSubjectBeforeExpiredAtBySubjects(subjects []pap.Subject, expiredAt int64) ([]pap.GroupSubject, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListGroupSubjectBeforeExpiredAtBySubjects", subjects, expiredAt) + ret0, _ := ret[0].([]pap.GroupSubject) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListGroupSubjectBeforeExpiredAtBySubjects indicates an expected call of ListGroupSubjectBeforeExpiredAtBySubjects. +func (mr *MockGroupControllerMockRecorder) ListGroupSubjectBeforeExpiredAtBySubjects(subjects, expiredAt interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListGroupSubjectBeforeExpiredAtBySubjects", reflect.TypeOf((*MockGroupController)(nil).ListGroupSubjectBeforeExpiredAtBySubjects), subjects, expiredAt) +} + // ListPagingGroupMember mocks base method. func (m *MockGroupController) ListPagingGroupMember(_type, id string, limit, offset int64) ([]pap.GroupMember, error) { m.ctrl.T.Helper() diff --git a/pkg/api/debug/handler/cache.go b/pkg/api/debug/handler/cache.go index a6a03753..f1f15494 100644 --- a/pkg/api/debug/handler/cache.go +++ b/pkg/api/debug/handler/cache.go @@ -24,9 +24,9 @@ import ( ) type queryPolicyCacheSerializer struct { - System string `form:"system" binding:"required"` + System string `form:"system" binding:"required"` SubjectType string `form:"subject_type" binding:"required"` - SubjectID string `form:"subject_id" binding:"required"` + SubjectID string `form:"subject_id" binding:"required"` Action string `form:"action"` } 
diff --git a/pkg/api/debug/handler/query.go b/pkg/api/debug/handler/query.go index 680a7713..60cb4b18 100644 --- a/pkg/api/debug/handler/query.go +++ b/pkg/api/debug/handler/query.go @@ -70,8 +70,8 @@ func QueryActions(c *gin.Context) { } type querySubjectsSerializer struct { - Type string `form:"type" binding:"required"` - ID string `form:"id" binding:"required"` + Type string `form:"type" binding:"required"` + ID string `form:"id" binding:"required"` System string `form:"system" binding:"required"` } @@ -154,10 +154,10 @@ func QuerySubjects(c *gin.Context) { } type queryPoliciesSerializer struct { - System string `form:"system" binding:"required"` + System string `form:"system" binding:"required"` SubjectType string `form:"subject_type" binding:"required"` - SubjectID string `form:"subject_id" binding:"required"` - Action string `form:"action" binding:"required"` + SubjectID string `form:"subject_id" binding:"required"` + Action string `form:"action" binding:"required"` } // QueryPolicies ... diff --git a/pkg/api/engine/handler/credentials_slz.go b/pkg/api/engine/handler/credentials_slz.go index aad1620f..e76edb4c 100644 --- a/pkg/api/engine/handler/credentials_slz.go +++ b/pkg/api/engine/handler/credentials_slz.go @@ -11,13 +11,13 @@ package handler type credentialsVerifySerializer struct { - Type string `json:"type" binding:"required"` - Data appCodeAppSecretSerializer `json:"data" binding:"required"` + Type string `json:"type" binding:"required"` + Data appCodeAppSecretSerializer `json:"data" binding:"required"` } type appCodeAppSecretSerializer struct { - AppCode string `json:"app_code" binding:"required"` - AppSecret string `json:"app_secret" binding:"required"` + AppCode string `json:"app_code" binding:"required"` + AppSecret string `json:"app_secret" binding:"required"` } type credentialsVerifyResponseSerializer struct { diff --git a/pkg/api/engine/handler/policy_slz.go b/pkg/api/engine/handler/policy_slz.go index bdd2b395..11d7b3c5 100644 
--- a/pkg/api/engine/handler/policy_slz.go +++ b/pkg/api/engine/handler/policy_slz.go @@ -90,7 +90,7 @@ func (s *listPolicySerializer) initDefault() { type policyResponseSubject struct { Type string `json:"type" example:"user"` - ID string `json:"id" example:"admin"` + ID string `json:"id" example:"admin"` Name string `json:"name" example:"Administer"` } @@ -99,15 +99,15 @@ type policyResponseAction struct { } type enginePolicyResponse struct { - Version string `json:"version" example:"1"` - ID int64 `json:"id" example:"100"` - System string `json:"system" example:"bk_cmdb"` + Version string `json:"version" example:"1"` + ID int64 `json:"id" example:"100"` + System string `json:"system" example:"bk_cmdb"` Actions []policyResponseAction `json:"actions"` Subject policyResponseSubject `json:"subject"` Expression map[string]interface{} `json:"expression"` TemplateID int64 `json:"template_id"` - ExpiredAt int64 `json:"expired_at" example:"4102444800"` - UpdatedAt int64 `json:"updated_at" example:"4102444800"` + ExpiredAt int64 `json:"expired_at" example:"4102444800"` + UpdatedAt int64 `json:"updated_at" example:"4102444800"` } type policyListResponse struct { @@ -118,9 +118,9 @@ type policyListResponse struct { // -- listPolicyPKs type listPolicyIDsSerializer struct { - BeginUpdatedAt int64 `form:"begin_updated_at" json:"begin_updated_at" binding:"min=1" example:"1592899208"` - EndUpdatedAt int64 `form:"end_updated_at" json:"end_updated_at" binding:"min=1" example:"1592899208"` - Type string `form:"type" json:"type" binding:"omitempty,oneof=abac rbac" example:"abac"` + BeginUpdatedAt int64 `form:"begin_updated_at" json:"begin_updated_at" binding:"min=1"` + EndUpdatedAt int64 `form:"end_updated_at" json:"end_updated_at" binding:"min=1"` + Type string `form:"type" json:"type" binding:"omitempty,oneof=abac rbac"` } func (s *listPolicyIDsSerializer) validate() (bool, string) { 
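Review bot: The `listPolicyIDsSerializer` hunk is not a pure re-alignment like its neighbours: the `example:"1592899208"` and `example:"abac"` tags are removed from `BeginUpdatedAt`, `EndUpdatedAt` and `Type`, while `getMaxPolicyIDSerializer` in the following hunk keeps the same examples. If these tags feed generated API documentation (not visible here), the sample values disappear for this endpoint only. Either keep the tags or, if the removal is to satisfy a line-length limit, say so in the commit message. The same applies to the dropped `example:"host"` on `resourceCreatorActionConfig.ID` in `system_config_slz.go`.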
@@ -148,8 +148,8 @@ type listPolicyIDsResponse struct { // --a getMaxPolicyPK type getMaxPolicyIDSerializer struct { - UpdatedAt int64 `form:"updated_at" json:"updated_at" binding:"min=1" example:"1592899208"` - Type string `form:"type" json:"type" binding:"omitempty,oneof=abac rbac" example:"abac"` + UpdatedAt int64 `form:"updated_at" json:"updated_at" binding:"min=1" example:"1592899208"` + Type string `form:"type" json:"type" binding:"omitempty,oneof=abac rbac" example:"abac"` } func (s *getMaxPolicyIDSerializer) initDefault() { diff --git a/pkg/api/model/handler/action_slz.go b/pkg/api/model/handler/action_slz.go index e3f6645b..3f4ae4a0 100644 --- a/pkg/api/model/handler/action_slz.go +++ b/pkg/api/model/handler/action_slz.go @@ -22,10 +22,10 @@ import ( ) type relatedResourceType struct { - SystemID string `json:"system_id" binding:"required" example:"bk_cmdb"` - ID string `json:"id" binding:"required,max=32" example:"host"` + SystemID string `json:"system_id" binding:"required" example:"bk_cmdb"` + ID string `json:"id" binding:"required,max=32" example:"host"` - NameAlias string `json:"name_alias" example:""` + NameAlias string `json:"name_alias" example:""` NameAliasEn string `json:"name_alias_en" example:""` // 实例选择方式/范围: ["all", "instance", "attribute", "instance:paste"] 
@@ -45,39 +45,39 @@ type relatedEnvironment struct { } type actionSerializer struct { - ID string `json:"id" binding:"required,max=32" example:"biz_create"` - Name string `json:"name" binding:"required" example:"biz_create"` - NameEn string `json:"name_en" binding:"required" example:"biz_create"` + ID string `json:"id" binding:"required,max=32" example:"biz_create"` + Name string `json:"name" binding:"required" example:"biz_create"` + NameEn string `json:"name_en" binding:"required" example:"biz_create"` - Description string `json:"description" binding:"omitempty" example:"biz_create is"` - DescriptionEn string `json:"description_en" binding:"omitempty" example:"biz_create is"` - Sensitivity int64 `json:"sensitivity" binding:"omitempty,gte=0,lte=9" example:"0"` + Description string `json:"description" binding:"omitempty" example:"biz_create is"` + DescriptionEn string `json:"description_en" binding:"omitempty" example:"biz_create is"` + Sensitivity int64 `json:"sensitivity" binding:"omitempty,gte=0,lte=9" example:"0"` AuthType string `json:"auth_type" binding:"omitempty,oneof=rbac abac" example:"abac"` - Type string `json:"type" binding:"omitempty,oneof=create edit view delete list manage execute debug use"` - Hidden bool `json:"hidden" binding:"omitempty" example:"false"` + Type string `json:"type" binding:"omitempty,oneof=create edit view delete list manage execute debug use"` + Hidden bool `json:"hidden" binding:"omitempty" example:"false"` RelatedResourceTypes []relatedResourceType `json:"related_resource_types"` RelatedActions []string `json:"related_actions"` - RelatedEnvironments []relatedEnvironment `json:"related_environments" binding:"omitempty"` + RelatedEnvironments []relatedEnvironment `json:"related_environments" binding:"omitempty"` Version int64 `json:"version" binding:"omitempty,gte=1" example:"1"` } type actionUpdateSerializer struct { - Name string `json:"name" example:"biz_create"` - NameEn string `json:"name_en" example:"biz_create"` - 
Description string `json:"description" binding:"omitempty" example:"biz_create is"` - DescriptionEn string `json:"description_en" binding:"omitempty" example:"biz_create is"` - Sensitivity int64 `json:"sensitivity" binding:"omitempty,gte=0,lte=9" example:"0"` + Name string `json:"name" example:"biz_create"` + NameEn string `json:"name_en" example:"biz_create"` + Description string `json:"description" example:"biz_create is" binding:"omitempty"` + DescriptionEn string `json:"description_en" example:"biz_create is" binding:"omitempty"` + Sensitivity int64 `json:"sensitivity" example:"0" binding:"omitempty,gte=0,lte=9"` AuthType string `json:"auth_type" binding:"omitempty,oneof=rbac abac" example:"abac"` - Type string `json:"type" binding:"omitempty,oneof=create edit view delete list manage execute debug use"` - Hidden bool `json:"hidden" binding:"omitempty" example:"false"` + Type string `json:"type" binding:"omitempty,oneof=create edit view delete list manage execute debug use"` + Hidden bool `json:"hidden" binding:"omitempty" example:"false"` RelatedResourceTypes []relatedResourceType `json:"related_resource_types"` RelatedActions []string `json:"related_actions"` - RelatedEnvironments []relatedEnvironment `json:"related_environments" binding:"omitempty"` + RelatedEnvironments []relatedEnvironment `json:"related_environments" binding:"omitempty"` Version int64 `json:"version" binding:"omitempty,gte=1" example:"1"` } diff --git a/pkg/api/model/handler/instance_selection_slz.go b/pkg/api/model/handler/instance_selection_slz.go index a1ffd5c0..270a3a3c 100644 --- a/pkg/api/model/handler/instance_selection_slz.go +++ b/pkg/api/model/handler/instance_selection_slz.go 
@@ -19,18 +19,18 @@ import ( ) type instanceSelectionSerializer struct { - ID string `json:"id" binding:"required,max=32" example:"biz_set"` - Name string `json:"name" binding:"required" example:"biz_set"` - NameEn string `json:"name_en" binding:"required" example:"biz_set"` - IsDynamic bool `json:"is_dynamic" binding:"omitempty" example:"false"` + ID string `json:"id" binding:"required,max=32" example:"biz_set"` + Name string `json:"name" binding:"required" example:"biz_set"` + NameEn string `json:"name_en" binding:"required" example:"biz_set"` + IsDynamic bool `json:"is_dynamic" binding:"omitempty" example:"false"` ResourceTypeChain []referenceResourceType `json:"resource_type_chain" structs:"resource_type_chain" binding:"required"` } type instanceSelectionUpdateSerializer struct { // ID string `json:"id" binding:"required"` - Name string `json:"name" binding:"required" example:"biz_set"` - NameEn string `json:"name_en" binding:"required" example:"biz_set"` + Name string `json:"name" binding:"required" example:"biz_set"` + NameEn string `json:"name_en" binding:"required" example:"biz_set"` IsDynamic bool `json:"is_dynamic" binding:"omitempty" example:"false"` ResourceTypeChain []referenceResourceType `json:"resource_type_chain" structs:"resource_type_chain" binding:"required"` diff --git a/pkg/api/model/handler/resource_type_slz.go b/pkg/api/model/handler/resource_type_slz.go index 2da48170..9850a336 100644 --- a/pkg/api/model/handler/resource_type_slz.go +++ b/pkg/api/model/handler/resource_type_slz.go 
@@ -24,13 +24,13 @@ type resourceProviderConfig struct { } type resourceTypeSerializer struct { - ID string `json:"id" binding:"required,max=32" example:"biz_set"` - Name string `json:"name" binding:"required" example:"biz_set"` - NameEn string `json:"name_en" binding:"required" example:"biz_set"` + ID string `json:"id" binding:"required,max=32" example:"biz_set"` + Name string `json:"name" binding:"required" example:"biz_set"` + NameEn string `json:"name_en" binding:"required" example:"biz_set"` - Description string `json:"description" binding:"omitempty" example:"biz_set is a"` - DescriptionEn string `json:"description_en" binding:"omitempty" example:"biz_set is a"` - Sensitivity int64 `json:"sensitivity" binding:"omitempty,gte=0,lte=9" example:"0"` + Description string `json:"description" binding:"omitempty" example:"biz_set is a"` + DescriptionEn string `json:"description_en" binding:"omitempty" example:"biz_set is a"` + Sensitivity int64 `json:"sensitivity" binding:"omitempty,gte=0,lte=9" example:"0"` // can be empty Parents []referenceResourceType `json:"parents"` 
@@ -42,11 +42,11 @@ type resourceTypeSerializer struct { type resourceTypeUpdateSerializer struct { // ID string `json:"id" binding:"required"` - Name string `json:"name" binding:"omitempty" example:"biz_set"` - NameEn string `json:"name_en" binding:"omitempty" example:"biz_set"` - Description string `json:"description" binding:"omitempty" example:"biz_set is a"` - DescriptionEn string `json:"description_en" binding:"omitempty" example:"biz_set is a"` - Sensitivity int64 `json:"sensitivity" binding:"omitempty,gte=0,lte=9" example:"0"` + Name string `json:"name" binding:"omitempty" example:"biz_set"` + NameEn string `json:"name_en" binding:"omitempty" example:"biz_set"` + Description string `json:"description" binding:"omitempty" example:"biz_set is a"` + DescriptionEn string `json:"description_en" binding:"omitempty" example:"biz_set is a"` + Sensitivity int64 `json:"sensitivity" binding:"omitempty,gte=0,lte=9" example:"0"` // can be empty Parents []referenceResourceType `json:"parents"` diff --git a/pkg/api/model/handler/system_config_slz.go b/pkg/api/model/handler/system_config_slz.go index a24eb33d..a7021499 100644 --- a/pkg/api/model/handler/system_config_slz.go +++ b/pkg/api/model/handler/system_config_slz.go @@ -29,9 +29,9 @@ type actionGroupActionSerializer struct { } type actionGroupSerializer struct { - Name string `json:"name" binding:"required" example:"admin"` - NameEn string `json:"name_en" binding:"required" example:"admin"` - Actions []actionGroupActionSerializer `json:"actions,omitempty" binding:"omitempty"` + Name string `json:"name" binding:"required" example:"admin"` + NameEn string `json:"name_en" binding:"required" example:"admin"` + Actions []actionGroupActionSerializer `json:"actions,omitempty" binding:"omitempty"` SubGroups []actionGroupSerializer `json:"sub_groups,omitempty" binding:"omitempty"` } 
@@ -97,13 +97,13 @@ func validateActionGroup(actionGroups []actionGroupSerializer, name string) (boo } type resourceCreatorSingleActionSerializer struct { - ID string `json:"id" binding:"required" example:"edit"` + ID string `json:"id" binding:"required" example:"edit"` Required bool `json:"required" binding:"required" example:"true"` } type resourceCreatorActionConfig struct { - ID string `json:"id" binding:"required" example:"host"` - Actions []resourceCreatorSingleActionSerializer `json:"actions" binding:"required,gt=0"` + ID string `json:"id" binding:"required"` + Actions []resourceCreatorSingleActionSerializer `json:"actions" binding:"required,gt=0"` SubResourceTypes []resourceCreatorActionConfig `json:"sub_resource_types,omitempty" binding:"omitempty"` } @@ -144,7 +144,7 @@ func (r *resourceCreatorActionConfig) validate() error { type resourceCreatorActionSerializer struct { // 选择支持的方式:接入系统 和 用户,对于用户,则需要在授权接口上额外传入祖先creator信息 Mode string `json:"mode,omitempty" binding:"omitempty,oneof=system user" example:"system"` - Config []resourceCreatorActionConfig `json:"config" binding:"required"` + Config []resourceCreatorActionConfig `json:"config" binding:"required"` } func (r *resourceCreatorActionSerializer) getAllActionIDResourceTypeIDFromConfig() []ActionIDResourceTypeID { @@ -187,8 +187,8 @@ type actionIDSerializer struct { } type commonActionSerializer struct { - Name string `json:"name" binding:"required" example:"admin"` - NameEn string `json:"name_en" binding:"required" example:"admin"` + Name string `json:"name" binding:"required" example:"admin"` + NameEn string `json:"name_en" binding:"required" example:"admin"` Actions []actionIDSerializer `json:"actions" binding:"required,gte=1"` } 
@@ -205,9 +205,9 @@ func getAllFromCommonActions(commonActions []commonActionSerializer) []string { } type featureShieldRuleSerializer struct { - Effect string `json:"effect" binding:"required,oneof=deny allow" example:"deny"` - Feature string `json:"feature" binding:"required" example:"application.custom_permission"` - Action actionIDSerializer `json:"action" binding:"required"` + Effect string `json:"effect" binding:"required,oneof=deny allow" example:"deny"` + Feature string `json:"feature" binding:"required" example:"application.custom_permission"` + Action actionIDSerializer `json:"action" binding:"required"` } func (f *featureShieldRuleSerializer) validate() error { diff --git a/pkg/api/model/handler/system_slz.go b/pkg/api/model/handler/system_slz.go index a3c8c4c2..0cb55b14 100644 --- a/pkg/api/model/handler/system_slz.go +++ b/pkg/api/model/handler/system_slz.go 
@@ -12,29 +12,29 @@ package handler type systemProviderConfig struct { // TODO: valid host? - Host string `json:"host" structs:"host" binding:"required,url" example:"http://bkpaas.service.consul"` + Host string `json:"host" structs:"host" binding:"required,url" example:"http://bkpaas.service.consul"` Auth string `json:"auth" structs:"auth" binding:"required,oneof=none basic" example:"basic"` Healthz string `json:"healthz" structs:"healthz" binding:"omitempty" example:"/healthz"` } type systemSerializer struct { - ID string `json:"id" binding:"required,max=32" example:"bk_paas"` - Name string `json:"name" binding:"required" example:"bk_paas"` - NameEn string `json:"name_en" binding:"required" example:"bk_paas"` - Description string `json:"description" binding:"omitempty" example:"Platform as A Service"` - DescriptionEn string `json:"description_en" binding:"omitempty" example:"Platform as A Service"` - Clients string `json:"clients" binding:"required" example:"bk_paas,bk_esb"` + ID string `json:"id" binding:"required,max=32" example:"bk_paas"` + Name string `json:"name" binding:"required" example:"bk_paas"` + NameEn string `json:"name_en" binding:"required" example:"bk_paas"` + Description string `json:"description" binding:"omitempty" example:"Platform as A Service"` + DescriptionEn string `json:"description_en" binding:"omitempty" example:"Platform as A Service"` + Clients string `json:"clients" binding:"required" example:"bk_paas,bk_esb"` ProviderConfig systemProviderConfig `json:"provider_config" binding:"required"` } type systemUpdateSerializer struct { - Name string `json:"name" binding:"omitempty" example:"bk_paas"` - NameEn string `json:"name_en" binding:"omitempty" example:"bk_paas"` - Description string `json:"description" binding:"omitempty" example:"Platform as A Service"` + Name string `json:"name" binding:"omitempty" example:"bk_paas"` + NameEn string `json:"name_en" binding:"omitempty" example:"bk_paas"` + Description string `json:"description" 
binding:"omitempty" example:"Platform as A Service"` DescriptionEn string `json:"description_en" binding:"omitempty" example:"Platform as A Service"` - Clients string `json:"clients" binding:"omitempty" example:"bk_paas,bk_esb"` + Clients string `json:"clients" binding:"omitempty" example:"bk_paas,bk_esb"` ProviderConfig *systemProviderConfig `json:"provider_config" binding:"omitempty"` } @@ -67,12 +67,12 @@ func (s *systemUpdateSerializer) validate(keys map[string]interface{}) (bool, st } type systemResponse struct { - ID string `json:"id" example:"bk_paas"` - Name string `json:"name" example:"bk_paas"` - NameEn string `json:"name_en" example:"bk_paas"` - Description string `json:"description" example:"Platform as A Service"` - DescriptionEn string `json:"description_en" example:"Platform as A Service"` - Clients string `json:"clients" example:"bk_paas,bk_esb"` + ID string `json:"id" example:"bk_paas"` + Name string `json:"name" example:"bk_paas"` + NameEn string `json:"name_en" example:"bk_paas"` + Description string `json:"description" example:"Platform as A Service"` + DescriptionEn string `json:"description_en" example:"Platform as A Service"` + Clients string `json:"clients" example:"bk_paas,bk_esb"` ProviderConfig map[string]interface{} `json:"provider_config"` } diff --git a/pkg/api/model/handler/types.go b/pkg/api/model/handler/types.go index fc816f9b..4d5c24c0 100644 --- a/pkg/api/model/handler/types.go +++ b/pkg/api/model/handler/types.go 
@@ -12,12 +12,12 @@ package handler type referenceResourceType struct { SystemID string `json:"system_id" structs:"system_id" binding:"required" example:"bk_cmdb"` - ID string `json:"id" structs:"id" binding:"required" example:"host"` + ID string `json:"id" structs:"id" binding:"required" example:"host"` } type referenceInstanceSelection struct { - SystemID string `json:"system_id" structs:"system_id" binding:"required" example:"bk_cmdb"` - ID string `json:"id" structs:"id" binding:"required" example:"host_view"` + SystemID string `json:"system_id" structs:"system_id" binding:"required" example:"bk_cmdb"` + ID string `json:"id" structs:"id" binding:"required" example:"host_view"` IgnoreIAMPath bool `json:"ignore_iam_path" structs:"ignore_iam_path" binding:"omitempty" example:"false"` } diff --git a/pkg/api/open/handler/policies_get_slz.go b/pkg/api/open/handler/policies_get_slz.go index b7e897c7..3ef98ccf 100644 --- a/pkg/api/open/handler/policies_get_slz.go +++ b/pkg/api/open/handler/policies_get_slz.go @@ -29,9 +29,9 @@ func (s *policyGetQuerySerializer) initDefault() { } type policyGetResponse struct { - Version string `json:"version" example:"1"` - ID int64 `json:"id" example:"100"` - System string `json:"system" example:"bk_test"` + Version string `json:"version" example:"1"` + ID int64 `json:"id" example:"100"` + System string `json:"system" example:"bk_test"` Subject policyResponseSubject `json:"subject"` Action policyResponseAction `json:"action"` Expression map[string]interface{} `json:"expression"` @@ -40,7 +40,7 @@ type policyGetResponse struct { type policyResponseSubject struct { Type string `json:"type" example:"user"` - ID string `json:"id" example:"admin"` + ID string `json:"id" example:"admin"` Name string `json:"name" example:"Administer"` } diff --git a/pkg/api/open/handler/policies_list_slz.go b/pkg/api/open/handler/policies_list_slz.go index 72a34498..4fa9fb7a 100644 --- a/pkg/api/open/handler/policies_list_slz.go 
+++ b/pkg/api/open/handler/policies_list_slz.go @@ -23,10 +23,10 @@ const ( ) type listQuerySerializer struct { - ActionID string `form:"action_id" binding:"required" example:"edit_host"` + ActionID string `form:"action_id" binding:"required" example:"edit_host"` PageSize int64 `form:"page_size" binding:"omitempty,min=10,max=500" example:"100"` - Page int64 `form:"page" binding:"omitempty,min=1" example:"1"` - Timestamp int64 `form:"timestamp" binding:"omitempty,min=1" example:"1592899208"` + Page int64 `form:"page" binding:"omitempty,min=1" example:"1"` + Timestamp int64 `form:"timestamp" binding:"omitempty,min=1" example:"1592899208"` Type string `form:"type" json:"type" binding:"omitempty,oneof=abac rbac" example:"abac"` } @@ -63,21 +63,21 @@ func (s *listQuerySerializer) initDefault() { } type thinPolicyResponse struct { - Version string `json:"version" example:"1"` - ID int64 `json:"id" example:"100"` + Version string `json:"version" example:"1"` + ID int64 `json:"id" example:"100"` Subject policyResponseSubject `json:"subject"` Expression map[string]interface{} `json:"expression"` ExpiredAt int64 `json:"expired_at" example:"4102444800"` } type policyListResponseMetadata struct { - System string `json:"system" example:"bk_test"` + System string `json:"system" example:"bk_test"` Action policyResponseAction `json:"action"` Timestamp int64 `json:"timestamp" example:"1592899208"` } type policyListResponse struct { Metadata policyListResponseMetadata `json:"metadata"` - Count int64 `json:"count" example:"120"` + Count int64 `json:"count" example:"120"` Results []thinPolicyResponse `json:"results"` } diff --git a/pkg/api/open/handler/policies_subjects_slz.go b/pkg/api/open/handler/policies_subjects_slz.go index 72b63d6d..dc1213e8 100644 --- a/pkg/api/open/handler/policies_subjects_slz.go +++ b/pkg/api/open/handler/policies_subjects_slz.go 
@@ -25,7 +25,7 @@ func (s *subjectsSerializer) initDefault() { } type policyIDSubject struct { - PolicyID int64 `json:"id" example:"100"` + PolicyID int64 `json:"id" example:"100"` Subject policyResponseSubject `json:"subject"` } diff --git a/pkg/api/open/handler/subject_groups_slz.go b/pkg/api/open/handler/subject_groups_slz.go index ca9c5975..f0fb12a1 100644 --- a/pkg/api/open/handler/subject_groups_slz.go +++ b/pkg/api/open/handler/subject_groups_slz.go @@ -12,7 +12,7 @@ package handler type responseSubject struct { Type string `json:"type" example:"user"` - ID string `json:"id" example:"admin"` + ID string `json:"id" example:"admin"` Name string `json:"name" example:"Administer"` } diff --git a/pkg/api/policy/handler/types.go b/pkg/api/policy/handler/types.go index c4a3b897..7b162a0f 100644 --- a/pkg/api/policy/handler/types.go +++ b/pkg/api/policy/handler/types.go @@ -20,7 +20,7 @@ import ( type subject struct { Type string `json:"type" binding:"required" example:"user"` - ID string `json:"id" binding:"required" example:"admin"` + ID string `json:"id" binding:"required" example:"admin"` } type action struct { @@ -28,9 +28,9 @@ type action struct { } type resource struct { - System string `json:"system" binding:"required" example:"bk_paas"` - Type string `json:"type" binding:"required" example:"app"` - ID string `json:"id" binding:"required" example:"framework"` + System string `json:"system" binding:"required" example:"bk_paas"` + Type string `json:"type" binding:"required" example:"app"` + ID string `json:"id" binding:"required" example:"framework"` Attribute map[string]interface{} `json:"attribute" binding:"required"` } 
@@ -42,13 +42,13 @@ func (r *resource) UID() string { // query for ext resources 附加查询的资源实例 type extResource struct { - System string `json:"system" binding:"required" example:"bk_paas"` - Type string `json:"type" binding:"required" example:"app"` - IDs []string `json:"ids" binding:"required,gt=0"` + System string `json:"system" binding:"required" example:"bk_paas"` + Type string `json:"type" binding:"required" example:"app"` + IDs []string `json:"ids" binding:"required,gt=0"` } type baseRequest struct { - System string `json:"system" binding:"required" example:"bk_paas"` + System string `json:"system" binding:"required" example:"bk_paas"` Subject subject `json:"subject" binding:"required"` } @@ -57,7 +57,7 @@ type authRequest struct { baseRequest // required Resources []resource `json:"resources" binding:"required"` - Action action `json:"action" binding:"required"` + Action action `json:"action" binding:"required"` } type authResponse struct { @@ -66,8 +66,8 @@ type authResponse struct { // ====== auth v2 type authV2Request struct { - Subject subject `json:"subject" binding:"required"` - Action action `json:"action" binding:"required"` + Subject subject `json:"subject" binding:"required"` + Action action `json:"action" binding:"required"` Resources []resource `json:"resources" binding:"required"` } 
@@ -81,16 +81,16 @@ type authByActionsRequest struct { baseRequest // can't be empty Resources []resource `json:"resources" binding:"required"` - Actions []action `json:"actions" binding:"required,max=10"` + Actions []action `json:"actions" binding:"required,max=10"` } // ======= auth by actions type authV2ByActionsRequest struct { - Subject subject `json:"subject" binding:"required"` + Subject subject `json:"subject" binding:"required"` // can't be empty Resources []resource `json:"resources" binding:"required"` - Actions []action `json:"actions" binding:"required,max=10"` + Actions []action `json:"actions" binding:"required,max=10"` } type authByActionsResponse map[string]bool @@ -99,7 +99,7 @@ type authByActionsResponse map[string]bool type authByResourcesRequest struct { baseRequest - Action action `json:"action" binding:"required"` + Action action `json:"action" binding:"required"` ResourcesList [][]resource `json:"resources_list" binding:"required,max=100"` } @@ -110,14 +110,14 @@ type queryRequest struct { baseRequest // can be empty Resources []resource `json:"resources" binding:"omitempty"` - Action action `json:"action" binding:"required"` + Action action `json:"action" binding:"required"` } // ====== query v2 type queryV2Request struct { - Subject subject `json:"subject" binding:"required"` - Action action `json:"action" binding:"required"` + Subject subject `json:"subject" binding:"required"` + Action action `json:"action" binding:"required"` // can be empty Resources []resource `json:"resources" binding:"omitempty"` } 
@@ -128,16 +128,16 @@ type queryByActionsRequest struct { baseRequest // can be empty Resources []resource `json:"resources" binding:"omitempty"` - Actions []action `json:"actions" binding:"required"` + Actions []action `json:"actions" binding:"required"` } // ======= query by actions type queryV2ByActionsRequest struct { - Subject subject `json:"subject" binding:"required"` + Subject subject `json:"subject" binding:"required"` // can be empty Resources []resource `json:"resources" binding:"omitempty"` - Actions []action `json:"actions" binding:"required"` + Actions []action `json:"actions" binding:"required"` } type actionInResponse struct { diff --git a/pkg/api/web/handler/freeze_slz.go b/pkg/api/web/handler/freeze_slz.go index 10a73f7c..bfef8b33 100644 --- a/pkg/api/web/handler/freeze_slz.go +++ b/pkg/api/web/handler/freeze_slz.go @@ -12,5 +12,5 @@ package handler type freezedSubjectSerializer struct { Type string `json:"type" binding:"required,oneof=user"` - ID string `json:"id" binding:"required"` + ID string `json:"id" binding:"required"` } diff --git a/pkg/api/web/handler/group.go b/pkg/api/web/handler/group.go index 11503d90..7284cdfe 100644 --- a/pkg/api/web/handler/group.go +++ b/pkg/api/web/handler/group.go @@ -319,10 +319,10 @@ func ListExistGroupsHasMemberBeforeExpiredAt(c *gin.Context) { copier.Copy(&papSubjects, &body.Subjects) ctl := pap.NewGroupController() - existGroups, err := ctl.FilterGroupsHasMemberBeforeExpiredAt(papSubjects, body.BeforeExpiredAt) + existGroups, err := ctl.ListGroupSubjectBeforeExpiredAtBySubjects(papSubjects, body.BeforeExpiredAt) if err != nil { err = errorWrapf( - err, "ctl.FilterGroupsHasMemberBeforeExpiredAt subjects=`%+v`, beforeExpiredAt=`%d`", + err, "ctl.ListGroupSubjectBeforeExpiredAtBySubjects subjects=`%+v`, beforeExpiredAt=`%d`", papSubjects, body.BeforeExpiredAt, ) util.SystemErrorJSONResponse(c, err) 
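Review bot: The variable `existGroups` in `ListExistGroupsHasMemberBeforeExpiredAt` no longer describes its value, because the renamed controller method appears to return group–subject relations rather than a list of groups. Something like `relations, err := ctl.ListGroupSubjectBeforeExpiredAtBySubjects(papSubjects, body.BeforeExpiredAt)` would read better. The handler body continues outside the hunk, so what is written to the response is not visible here. If the value is returned as-is, the endpoint's payload changes from groups to per-member rows, which should be stated in the handler's doc comment and checked against the API's consumers.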
diff --git a/pkg/api/web/handler/model_change_event_slz.go b/pkg/api/web/handler/model_change_event_slz.go index a441d57d..9fb1fae5 100644 --- a/pkg/api/web/handler/model_change_event_slz.go +++ b/pkg/api/web/handler/model_change_event_slz.go @@ -19,9 +19,9 @@ type updateModelChangeEventStatusSerializer struct { } type deleteModelChangeEventSerializer struct { - Status string `json:"status" binding:"required"` + Status string `json:"status" binding:"required"` BeforeUpdatedAt int64 `json:"before_updated_at" binding:"omitempty,min=1,max=4102444800" example:"1592899208"` - Limit int64 `json:"limit" binding:"omitempty,min=1,max=100000"` + Limit int64 `json:"limit" binding:"omitempty,min=1,max=100000"` } func (s *deleteModelChangeEventSerializer) initDefault() { diff --git a/pkg/api/web/handler/policy_slz.go b/pkg/api/web/handler/policy_slz.go index 925889b2..1536552f 100644 --- a/pkg/api/web/handler/policy_slz.go +++ b/pkg/api/web/handler/policy_slz.go 
@@ -17,27 +17,27 @@ import ( // Query for type policySerializer struct { SubjectType string `form:"subject_type" json:"subject_type" binding:"required"` - SubjectID string `form:"subject_id" json:"subject_id" binding:"required"` - TemplateID int64 `form:"template_id" json:"template_id" binding:"omitempty"` + SubjectID string `form:"subject_id" json:"subject_id" binding:"required"` + TemplateID int64 `form:"template_id" json:"template_id" binding:"omitempty"` } // 变更 request body type policiesAlterSerializer struct { - Subject subject `json:"subject" binding:"required"` - CreatePolicies []policy `json:"create_policies" binding:"required"` - UpdatePolicies []updatePolicy `json:"update_policies" binding:"required"` + Subject subject `json:"subject" binding:"required"` + CreatePolicies []policy `json:"create_policies" binding:"required"` + UpdatePolicies []updatePolicy `json:"update_policies" binding:"required"` DeletePolicyIDs []int64 `json:"delete_policy_ids" binding:"required"` } type subject struct { Type string `json:"type" binding:"required"` - ID string `json:"id" binding:"required"` + ID string `json:"id" binding:"required"` } type policy struct { - ActionID string `json:"action_id" binding:"required"` + ActionID string `json:"action_id" binding:"required"` ResourceExpression string `json:"resource_expression" binding:"required"` - ExpiredAt int64 `json:"expired_at" binding:"required,min=0,max=4102444800"` + ExpiredAt int64 `json:"expired_at" binding:"required,min=0,max=4102444800"` // NOTE: this field not used! Environment string `json:"environment" binding:"omitempty"` 
@@ -67,11 +67,11 @@ func (slz *policiesAlterSerializer) validate() (bool, string) { type policiesDeleteSerializer struct { policySerializer SystemID string `json:"system_id" binding:"required"` - IDs []int64 `json:"ids" binding:"required,gt=0"` + IDs []int64 `json:"ids" binding:"required,gt=0"` } type queryListPolicySerializer struct { - SubjectType string `form:"subject_type" json:"subject_type" binding:"required"` - SubjectID string `form:"subject_id" json:"subject_id" binding:"required"` + SubjectType string `form:"subject_type" json:"subject_type" binding:"required"` + SubjectID string `form:"subject_id" json:"subject_id" binding:"required"` BeforeExpiredAt int64 `form:"before_expired_at" json:"before_expired_at" binding:"required,min=0"` } diff --git a/pkg/api/web/handler/policy_slz_v2.go b/pkg/api/web/handler/policy_slz_v2.go index 4bd4a32c..946a9846 100644 --- a/pkg/api/web/handler/policy_slz_v2.go +++ b/pkg/api/web/handler/policy_slz_v2.go @@ -2,11 +2,11 @@ package handler // 变更策略的 body type policiesAlterSerializerV2 struct { - Subject subject `json:"subject" binding:"required"` + Subject subject `json:"subject" binding:"required"` TemplateID int64 `json:"template_id" binding:"omitempty"` - CreatePolicies []policy `json:"create_policies" binding:"required"` - UpdatePolicies []updatePolicy `json:"update_policies" binding:"required"` + CreatePolicies []policy `json:"create_policies" binding:"required"` + UpdatePolicies []updatePolicy `json:"update_policies" binding:"required"` DeletePolicyIDs []int64 `json:"delete_policy_ids" binding:"required"` ResourceActions []resourceAction `json:"resource_actions" binding:"required"` 
@@ -16,12 +16,12 @@ type policiesAlterSerializerV2 struct { type resourceSerializer struct { SystemID string `json:"system_id" binding:"required"` - Type string `json:"type" binding:"required"` - ID string `json:"id" binding:"required"` + Type string `json:"type" binding:"required"` + ID string `json:"id" binding:"required"` } type resourceAction struct { - Resource resourceSerializer `json:"resource" binding:"required"` + Resource resourceSerializer `json:"resource" binding:"required"` CreatedActionIDs []string `json:"created_action_ids" binding:"required"` DeletedActionIDs []string `json:"deleted_action_ids" binding:"required"` } diff --git a/pkg/api/web/handler/subject_slz.go b/pkg/api/web/handler/subject_slz.go index 00f55f53..bf8e3d1c 100644 --- a/pkg/api/web/handler/subject_slz.go +++ b/pkg/api/web/handler/subject_slz.go @@ -18,7 +18,7 @@ import ( const superSystemID = "SUPER" type pageSerializer struct { - Limit int64 `json:"limit" form:"limit" binding:"omitempty,min=0"` + Limit int64 `json:"limit" form:"limit" binding:"omitempty,min=0"` Offset int64 `json:"offset" form:"offset" binding:"omitempty,min=0"` } 
@@ -36,52 +36,52 @@ type listSubjectSerializer struct { type createSubjectSerializer struct { Type string `json:"type" binding:"required,oneof=user group department"` - ID string `json:"id" binding:"required"` + ID string `json:"id" binding:"required"` Name string `json:"name" binding:"required"` } type deleteSubjectSerializer struct { Type string `json:"type" binding:"required,oneof=user group department"` - ID string `json:"id" binding:"required"` + ID string `json:"id" binding:"required"` } type listGroupMemberSerializer struct { Type string `form:"type" binding:"required,oneof=group"` - ID string `form:"id" binding:"required"` + ID string `form:"id" binding:"required"` pageSerializer } type checkSubjectGroupsBelongSerializer struct { - Type string `form:"type" binding:"required,oneof=user department"` - ID string `form:"id" binding:"required"` + Type string `form:"type" binding:"required,oneof=user department"` + ID string `form:"id" binding:"required"` GroupIDs string `form:"group_ids" binding:"required"` } type listSubjectGroupSerializer struct { - Type string `form:"type" binding:"required,oneof=user department"` - ID string `form:"id" binding:"required"` + Type string `form:"type" binding:"required,oneof=user department"` + ID string `form:"id" binding:"required"` BeforeExpiredAt int64 `form:"before_expired_at" binding:"omitempty,min=0"` pageSerializer } type memberSerializer struct { Type string `json:"type" binding:"required,oneof=user department"` - ID string `json:"id" binding:"required"` + ID string `json:"id" binding:"required"` } type deleteGroupMemberSerializer struct { - Type string `json:"type" binding:"required,oneof=group"` - ID string `json:"id" binding:"required"` + Type string `json:"type" binding:"required,oneof=group"` + ID string `json:"id" binding:"required"` // 防御,避免出现一次性删除太多成员,影响性能 Members []memberSerializer `json:"members" binding:"required,gt=0,lte=1000"` } type addGroupMembersSerializer struct { - Type string `json:"type" 
binding:"required,oneof=group"` - ID string `json:"id" binding:"required"` + Type string `json:"type" binding:"required,oneof=group"` + ID string `json:"id" binding:"required"` ExpiredAt int64 `json:"expired_at" binding:"omitempty,min=1,max=4102444800"` // 防御,避免出现一次性添加太多成员,影响性能 - Members []memberSerializer `json:"members" binding:"required,gt=0,lte=1000"` + Members []memberSerializer `json:"members" binding:"required,gt=0,lte=1000"` } func (s *addGroupMembersSerializer) validate() (bool, string) { @@ -100,19 +100,19 @@ func (s *addGroupMembersSerializer) validate() (bool, string) { } type subjectDepartment struct { - SubjectID string `json:"id" binding:"required"` + SubjectID string `json:"id" binding:"required"` DepartmentIDs []string `json:"departments" binding:"required"` } type updateSubjectSerializer struct { Type string `json:"type" binding:"required,oneof=user group department"` - ID string `json:"id" binding:"required"` + ID string `json:"id" binding:"required"` Name string `json:"name" binding:"required"` } type userSerializer struct { Type string `form:"type" binding:"required,oneof=user"` - ID string `form:"id" binding:"required"` + ID string `form:"id" binding:"required"` } type baseRoleSubjectSerializer struct { @@ -150,8 +150,8 @@ type memberExpiredAtSerializer struct { } type groupMemberExpiredAtSerializer struct { - Type string `json:"type" binding:"required,oneof=group"` - ID string `json:"id" binding:"required"` + Type string `json:"type" binding:"required,oneof=group"` + ID string `json:"id" binding:"required"` Members []memberExpiredAtSerializer `json:"members" binding:"required,gt=0,lte=1000"` } 
@@ -172,11 +172,11 @@ type listGroupMemberBeforeExpiredAtSerializer struct { type subjectSerializer struct { Type string `json:"type" binding:"required,oneof=group"` - ID string `json:"id" binding:"required"` + ID string `json:"id" binding:"required"` } type filterSubjectsBeforeExpiredAtSerializer struct { - Subjects []subjectSerializer `json:"subjects" binding:"required,gt=0,lte=1000"` + Subjects []subjectSerializer `json:"subjects" binding:"required,gt=0,lte=1000"` BeforeExpiredAt int64 `json:"before_expired_at" binding:"required,min=1,max=4102444800"` } @@ -191,8 +191,8 @@ func (slz *filterSubjectsBeforeExpiredAtSerializer) validate() (bool, string) { } type checkSubjectGroupsQuotaSerializer struct { - Type string `form:"type" binding:"required,oneof=user department"` - ID string `form:"id" binding:"required"` + Type string `form:"type" binding:"required,oneof=user department"` + ID string `form:"id" binding:"required"` GroupIDs string `form:"group_ids" binding:"required"` } 
@@ -202,20 +202,20 @@ type listGroupSubjectSerializer struct { } type rbacResource struct { - System string `json:"system" binding:"required" example:"bk_paas"` - Type string `json:"type" binding:"required" example:"app"` - ID string `json:"id" binding:"required" example:"framework"` + System string `json:"system" binding:"required" example:"bk_paas"` + Type string `json:"type" binding:"required" example:"app"` + ID string `json:"id" binding:"required" example:"framework"` Attribute map[string]interface{} `json:"attribute" binding:"required"` } type queryRbacGroupByResourceSerializer struct { ActionID string `json:"action_id" binding:"omitempty"` - Resource rbacResource `json:"resource" binding:"required"` + Resource rbacResource `json:"resource" binding:"required"` } type listTemplateGroupMemberSerializer struct { - Type string `form:"type" binding:"required,oneof=group"` - ID string `form:"id" binding:"required"` + Type string `form:"type" binding:"required,oneof=group"` + ID string `form:"id" binding:"required"` TemplateID int64 `form:"template_id" binding:"required"` pageSerializer } diff --git a/pkg/api/web/handler/subject_template_group_slz.go b/pkg/api/web/handler/subject_template_group_slz.go index b5787a6f..9b3f55a8 100644 --- a/pkg/api/web/handler/subject_template_group_slz.go +++ b/pkg/api/web/handler/subject_template_group_slz.go @@ -11,9 +11,9 @@ package handler type subjectTemplateGroupSerializer struct { - Type string `json:"type" binding:"required,oneof=user department"` - ID string `json:"id" binding:"required"` + Type string `json:"type" binding:"required,oneof=user department"` + ID string `json:"id" binding:"required"` TemplateID int64 `json:"template_id" binding:"required"` - GroupID int64 `json:"group_id" binding:"required"` - ExpiredAt int64 `json:"expired_at" binding:"omitempty,min=1,max=4102444800"` + GroupID int64 `json:"group_id" binding:"required"` + ExpiredAt int64 `json:"expired_at" binding:"omitempty,min=1,max=4102444800"` } 
diff --git a/pkg/api/web/handler/temporary_policy_slz.go b/pkg/api/web/handler/temporary_policy_slz.go index a046e6b0..6553c3f0 100644 --- a/pkg/api/web/handler/temporary_policy_slz.go +++ b/pkg/api/web/handler/temporary_policy_slz.go @@ -14,7 +14,7 @@ import "iam/pkg/api/common" // 临时权限 request body type temporaryPoliciesSerializer struct { - Subject subject `json:"subject" binding:"required"` + Subject subject `json:"subject" binding:"required"` Policies []policy `json:"policies" binding:"required"` } @@ -29,7 +29,7 @@ func (slz *temporaryPoliciesSerializer) validate() (bool, string) { type temporaryPoliciesDeleteSerializer struct { SubjectType string `json:"subject_type" binding:"required"` - SubjectID string `json:"subject_id" binding:"required"` - SystemID string `json:"system_id" binding:"required"` - IDs []int64 `json:"ids" binding:"required,gt=0"` + SubjectID string `json:"subject_id" binding:"required"` + SystemID string `json:"system_id" binding:"required"` + IDs []int64 `json:"ids" binding:"required,gt=0"` } diff --git a/pkg/database/dao/mock/subject_group.go b/pkg/database/dao/mock/subject_group.go index 154d6eac..07a6f0fd 100644 --- a/pkg/database/dao/mock/subject_group.go +++ b/pkg/database/dao/mock/subject_group.go 
@@ -106,21 +106,6 @@ func (mr *MockSubjectGroupManagerMockRecorder) BulkUpdateExpiredAtWithTx(tx, rel return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkUpdateExpiredAtWithTx", reflect.TypeOf((*MockSubjectGroupManager)(nil).BulkUpdateExpiredAtWithTx), tx, relations) } -// FilterGroupPKsHasMemberBeforeExpiredAt mocks base method. -func (m *MockSubjectGroupManager) FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "FilterGroupPKsHasMemberBeforeExpiredAt", groupPKs, expiredAt) - ret0, _ := ret[0].([]int64) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// FilterGroupPKsHasMemberBeforeExpiredAt indicates an expected call of FilterGroupPKsHasMemberBeforeExpiredAt. -func (mr *MockSubjectGroupManagerMockRecorder) FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FilterGroupPKsHasMemberBeforeExpiredAt", reflect.TypeOf((*MockSubjectGroupManager)(nil).FilterGroupPKsHasMemberBeforeExpiredAt), groupPKs, expiredAt) -} - // GetExpiredAtBySubjectGroup mocks base method. func (m *MockSubjectGroupManager) GetExpiredAtBySubjectGroup(subjectPK, groupPK int64) (int64, error) { m.ctrl.T.Helper() 
@@ -376,6 +361,21 @@ func (mr *MockSubjectGroupManagerMockRecorder) ListRelationBySubjectPKGroupPKs(s return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListRelationBySubjectPKGroupPKs", reflect.TypeOf((*MockSubjectGroupManager)(nil).ListRelationBySubjectPKGroupPKs), subjectPK, groupPKs) } +// ListRelationBySubjectPKGroupPKsBeforeExpiredAt mocks base method. +func (m *MockSubjectGroupManager) ListRelationBySubjectPKGroupPKsBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]dao.ThinSubjectRelation, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListRelationBySubjectPKGroupPKsBeforeExpiredAt", groupPKs, expiredAt) + ret0, _ := ret[0].([]dao.ThinSubjectRelation) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListRelationBySubjectPKGroupPKsBeforeExpiredAt indicates an expected call of ListRelationBySubjectPKGroupPKsBeforeExpiredAt. +func (mr *MockSubjectGroupManagerMockRecorder) ListRelationBySubjectPKGroupPKsBeforeExpiredAt(groupPKs, expiredAt interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListRelationBySubjectPKGroupPKsBeforeExpiredAt", reflect.TypeOf((*MockSubjectGroupManager)(nil).ListRelationBySubjectPKGroupPKsBeforeExpiredAt), groupPKs, expiredAt) +} + // ListThinRelationAfterExpiredAtBySubjectPKs mocks base method. func (m *MockSubjectGroupManager) ListThinRelationAfterExpiredAtBySubjectPKs(subjectPKs []int64, expiredAt int64) ([]dao.ThinSubjectRelation, error) { m.ctrl.T.Helper() diff --git a/pkg/database/dao/subject.go b/pkg/database/dao/subject.go index 1c508ef8..7c7101c9 100644 --- a/pkg/database/dao/subject.go +++ b/pkg/database/dao/subject.go @@ -23,9 +23,9 @@ import ( // Subject 被授权人 type Subject struct { - PK int64 `db:"pk" json:"pk"` + PK int64 `db:"pk" json:"pk"` Type string `db:"type" json:"type"` - ID string `db:"id" json:"id"` + ID string `db:"id" json:"id"` // 仅用于”查询有某个资源的某个权限的用户列表“, Name string `db:"name" json:"_"` } 
diff --git a/pkg/database/dao/subject_group.go b/pkg/database/dao/subject_group.go index 5efbab4b..220fa8cd 100644 --- a/pkg/database/dao/subject_group.go +++ b/pkg/database/dao/subject_group.go @@ -65,7 +65,10 @@ type SubjectGroupManager interface { ) (members []ThinSubjectRelation, err error) ListRelationBySubjectPKGroupPKs(subjectPK int64, groupPKs []int64) ([]SubjectRelation, error) - FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) + ListRelationBySubjectPKGroupPKsBeforeExpiredAt( + groupPKs []int64, + expiredAt int64, + ) ([]ThinSubjectRelation, error) BulkCreateWithTx(tx *sqlx.Tx, relations []SubjectRelation) error BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error @@ -399,23 +402,24 @@ func (m *subjectGroupManager) ListPagingGroupSubjectBeforeExpiredAt( return } -// FilterGroupPKsHasMemberBeforeExpiredAt get the group pks before timestamp(expiredAt) -func (m *subjectGroupManager) FilterGroupPKsHasMemberBeforeExpiredAt( +// ListRelationBySubjectPKGroupPKsBeforeExpiredAt get the group pks before timestamp(expiredAt) +func (m *subjectGroupManager) ListRelationBySubjectPKGroupPKsBeforeExpiredAt( groupPKs []int64, expiredAt int64, -) ([]int64, error) { - expiredGroupPKs := []int64{} - // TODO: DISTINCT 大表很慢 +) ([]ThinSubjectRelation, error) { + relations := []ThinSubjectRelation{} query := `SELECT - DISTINCT parent_pk + subject_pk, + parent_pk, + policy_expired_at FROM subject_relation WHERE parent_pk IN (?) AND policy_expired_at < ?` - err := database.SqlxSelect(m.DB, &expiredGroupPKs, query, groupPKs, expiredAt) + err := database.SqlxSelect(m.DB, &relations, query, groupPKs, expiredAt) if errors.Is(err, sql.ErrNoRows) { - return expiredGroupPKs, nil + return relations, nil } - return expiredGroupPKs, err + return relations, err } func (m *subjectGroupManager) ListRelationBySubjectPKGroupPKs( diff --git a/pkg/service/group.go b/pkg/service/group.go index dfa3716f..6225736e 100644 
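Review bot: The rewritten query in `ListRelationBySubjectPKGroupPKsBeforeExpiredAt` drops `DISTINCT parent_pk` and has no `LIMIT`, so it returns one row per expiring membership and the result grows with the total member count of the groups passed in, not with the number of groups. If callers can pass large `groupPKs` lists, consider paging or capping the result, or keeping a distinct-groups query for callers that only need to know which groups are affected. The doc comment still says "get the group pks before timestamp(expiredAt)", and the name says `BySubjectPK` although the method takes no subject PK. I would change the comment to `// ListRelationBySubjectPKGroupPKsBeforeExpiredAt lists the relations of the given groups whose policy_expired_at is before expiredAt` and consider a name without `SubjectPK`. The comment on `ListGroupSubjectBeforeExpiredAtByGroupPKs` in pkg/service/group.go ("filter the exists and not expired subjects") is stale in the same way.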
--- a/pkg/service/group.go +++ b/pkg/service/group.go @@ -51,7 +51,9 @@ type GroupService interface { subjectPK int64, groupPKs []int64, ) ([]types.SubjectGroupWithSource, error) - FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) + ListGroupSubjectBeforeExpiredAtByGroupPKs( + groupPKs []int64, expiredAt int64, + ) ([]types.GroupSubject, error) BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error BulkDeleteByGroupPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error @@ -273,11 +275,18 @@ func (l *groupService) ListPagingSubjectSystemGroups( return subjectGroups, err } -// FilterGroupPKsHasMemberBeforeExpiredAt filter the exists and not expired subjects -func (l *groupService) FilterGroupPKsHasMemberBeforeExpiredAt( +// ListGroupSubjectBeforeExpiredAtByGroupPKs filter the exists and not expired subjects +func (l *groupService) ListGroupSubjectBeforeExpiredAtByGroupPKs( groupPKs []int64, expiredAt int64, -) ([]int64, error) { - return l.manager.FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt) +) ([]types.GroupSubject, error) { + daoRelations, err := l.manager.ListRelationBySubjectPKGroupPKsBeforeExpiredAt(groupPKs, expiredAt) + if err != nil { + return nil, errorx.Wrapf(err, GroupSVC, + "ListRelationBySubjectPKGroupPKsBeforeExpiredAt", "ids=`%+v`, expiredAt=`%d`", + groupPKs, expiredAt) + } + + return convertToGroupSubjects(daoRelations), nil } func (l *groupService) ListEffectSubjectGroupsBySubjectPKGroupPKs( diff --git a/pkg/service/mock/group.go b/pkg/service/mock/group.go index 7bac86b0..edbccbbf 100644 --- a/pkg/service/mock/group.go +++ b/pkg/service/mock/group.go 
@@ -149,21 +149,6 @@ func (mr *MockGroupServiceMockRecorder) BulkUpdateSubjectSystemGroupBySubjectTem return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkUpdateSubjectSystemGroupBySubjectTemplateGroupWithTx", reflect.TypeOf((*MockGroupService)(nil).BulkUpdateSubjectSystemGroupBySubjectTemplateGroupWithTx), tx, relations) } -// FilterGroupPKsHasMemberBeforeExpiredAt mocks base method. -func (m *MockGroupService) FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "FilterGroupPKsHasMemberBeforeExpiredAt", groupPKs, expiredAt) - ret0, _ := ret[0].([]int64) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// FilterGroupPKsHasMemberBeforeExpiredAt indicates an expected call of FilterGroupPKsHasMemberBeforeExpiredAt. -func (mr *MockGroupServiceMockRecorder) FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FilterGroupPKsHasMemberBeforeExpiredAt", reflect.TypeOf((*MockGroupService)(nil).FilterGroupPKsHasMemberBeforeExpiredAt), groupPKs, expiredAt) -} - // GetGroupMemberCount mocks base method. func (m *MockGroupService) GetGroupMemberCount(groupPK int64) (int64, error) { m.ctrl.T.Helper() 
@@ -374,6 +359,21 @@ func (mr *MockGroupServiceMockRecorder) ListGroupMember(groupPK interface{}) *go return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListGroupMember", reflect.TypeOf((*MockGroupService)(nil).ListGroupMember), groupPK) } +// ListGroupSubjectBeforeExpiredAtByGroupPKs mocks base method. +func (m *MockGroupService) ListGroupSubjectBeforeExpiredAtByGroupPKs(groupPKs []int64, expiredAt int64) ([]types.GroupSubject, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListGroupSubjectBeforeExpiredAtByGroupPKs", groupPKs, expiredAt) + ret0, _ := ret[0].([]types.GroupSubject) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListGroupSubjectBeforeExpiredAtByGroupPKs indicates an expected call of ListGroupSubjectBeforeExpiredAtByGroupPKs. +func (mr *MockGroupServiceMockRecorder) ListGroupSubjectBeforeExpiredAtByGroupPKs(groupPKs, expiredAt interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListGroupSubjectBeforeExpiredAtByGroupPKs", reflect.TypeOf((*MockGroupService)(nil).ListGroupSubjectBeforeExpiredAtByGroupPKs), groupPKs, expiredAt) +} + // ListPagingGroupMember mocks base method. func (m *MockGroupService) ListPagingGroupMember(groupPK, limit, offset int64) ([]types.GroupMember, error) { m.ctrl.T.Helper() diff --git a/pkg/service/types/action.go b/pkg/service/types/action.go index 2bf685e3..ce686af1 100644 --- a/pkg/service/types/action.go +++ b/pkg/service/types/action.go 
@@ -12,14 +12,14 @@ package types // ActionResourceType ... type ActionResourceType struct { - System string `json:"system_id" structs:"system_id"` - ID string `json:"id" structs:"id"` - NameAlias string `json:"name_alias" structs:"name_alias"` + System string `json:"system_id" structs:"system_id"` + ID string `json:"id" structs:"id"` + NameAlias string `json:"name_alias" structs:"name_alias"` NameAliasEn string `json:"name_alias_en" structs:"name_alias_en"` SelectionMode string `json:"selection_mode" structs:"selection_mode"` // for input, to db storage - RelatedInstanceSelections []map[string]interface{} `json:"-" structs:"related_instance_selections"` + RelatedInstanceSelections []map[string]interface{} `json:"-" structs:"related_instance_selections"` // for output, to api display InstanceSelections []map[string]interface{} `json:"instance_selections" structs:"instance_selections"` @@ -32,8 +32,8 @@ type ActionEnvironment struct { // ReferenceInstanceSelection ... type ReferenceInstanceSelection struct { - System string `json:"system_id" structs:"system_id"` - ID string `json:"id" structs:"id"` + System string `json:"system_id" structs:"system_id"` + ID string `json:"id" structs:"id"` IgnoreIAMPath bool `json:"ignore_iam_path" structs:"ignore_iam_path"` } 
@@ -41,31 +41,31 @@ type ReferenceInstanceSelection struct { type Action struct { AllowEmptyFields - ID string `json:"id" structs:"id"` - Name string `json:"name" structs:"name"` - NameEn string `json:"name_en" structs:"name_en"` - Description string `json:"description" structs:"description"` - DescriptionEn string `json:"description_en" structs:"description_en"` - Sensitivity int64 `json:"sensitivity" structs:"sensitivity"` - AuthType string `json:"auth_type" structs:"auth_type"` - Type string `json:"type" structs:"type"` - Hidden bool `json:"hidden" structs:"hidden"` - Version int64 `json:"version" structs:"version"` + ID string `json:"id" structs:"id"` + Name string `json:"name" structs:"name"` + NameEn string `json:"name_en" structs:"name_en"` + Description string `json:"description" structs:"description"` + DescriptionEn string `json:"description_en" structs:"description_en"` + Sensitivity int64 `json:"sensitivity" structs:"sensitivity"` + AuthType string `json:"auth_type" structs:"auth_type"` + Type string `json:"type" structs:"type"` + Hidden bool `json:"hidden" structs:"hidden"` + Version int64 `json:"version" structs:"version"` RelatedResourceTypes []ActionResourceType `json:"related_resource_types" structs:"related_resource_types"` - RelatedActions []string `json:"related_actions" structs:"related_actions"` - RelatedEnvironments []ActionEnvironment `json:"related_environments" structs:"related_environments"` + RelatedActions []string `json:"related_actions" structs:"related_actions"` + RelatedEnvironments []ActionEnvironment `json:"related_environments" structs:"related_environments"` } type ActionBaseInfo struct { - ID string `json:"id" structs:"id"` - Name string `json:"name" structs:"name"` - NameEn string `json:"name_en" structs:"name_en"` - Description string `json:"description" structs:"description"` + ID string `json:"id" structs:"id"` + Name string `json:"name" structs:"name"` + NameEn string `json:"name_en" structs:"name_en"` + Description string 
`json:"description" structs:"description"` DescriptionEn string `json:"description_en" structs:"description_en"` - Sensitivity int64 `json:"sensitivity" structs:"sensitivity"` - AuthType string `json:"auth_type" structs:"auth_type"` - Type string `json:"type" structs:"type"` - Version int64 `json:"version" structs:"version"` + Sensitivity int64 `json:"sensitivity" structs:"sensitivity"` + AuthType string `json:"auth_type" structs:"auth_type"` + Type string `json:"type" structs:"type"` + Version int64 `json:"version" structs:"version"` } // ThinAction ... diff --git a/pkg/service/types/instance_selection.go b/pkg/service/types/instance_selection.go index b82ab90c..3c2f0736 100644 --- a/pkg/service/types/instance_selection.go +++ b/pkg/service/types/instance_selection.go @@ -14,9 +14,9 @@ package types type InstanceSelection struct { AllowEmptyFields - ID string `json:"id" structs:"id"` - Name string `json:"name" structs:"name"` - NameEn string `json:"name_en" structs:"name_en"` - IsDynamic bool `json:"is_dynamic" structs:"is_dynamic"` + ID string `json:"id" structs:"id"` + Name string `json:"name" structs:"name"` + NameEn string `json:"name_en" structs:"name_en"` + IsDynamic bool `json:"is_dynamic" structs:"is_dynamic"` ResourceTypeChain []map[string]interface{} `json:"resource_type_chain" structs:"resource_type_chain"` } diff --git a/pkg/service/types/model_change_event.go b/pkg/service/types/model_change_event.go index e1f599b0..82e52aa4 100644 --- a/pkg/service/types/model_change_event.go +++ b/pkg/service/types/model_change_event.go 
@@ -12,11 +12,11 @@ package types // ModelChangeEvent is a event to store model change detail type ModelChangeEvent struct { - PK int64 `json:"pk" structs:"pk"` // 自增列 - Type string `json:"type" structs:"type"` - Status string `json:"status" structs:"status"` - SystemID string `json:"system_id" structs:"system_id"` + PK int64 `json:"pk" structs:"pk"` // 自增列 + Type string `json:"type" structs:"type"` + Status string `json:"status" structs:"status"` + SystemID string `json:"system_id" structs:"system_id"` ModelType string `json:"model_type" structs:"model_type"` - ModelID string `json:"model_id" structs:"model_id"` - ModelPK int64 `json:"model_pk" structs:"model_pk"` + ModelID string `json:"model_id" structs:"model_id"` + ModelPK int64 `json:"model_pk" structs:"model_pk"` } diff --git a/pkg/service/types/resource_type.go b/pkg/service/types/resource_type.go index 59043ebb..344d1bdf 100644 --- a/pkg/service/types/resource_type.go +++ b/pkg/service/types/resource_type.go 
@@ -14,13 +14,13 @@ package types type ResourceType struct { AllowEmptyFields - ID string `json:"id" structs:"id"` - Name string `json:"name" structs:"name"` - NameEn string `json:"name_en" structs:"name_en"` - Description string `json:"description" structs:"description"` - DescriptionEn string `json:"description_en" structs:"description_en"` - Sensitivity int64 `json:"sensitivity" structs:"sensitivity"` - Parents []map[string]interface{} `json:"parents" structs:"parents"` + ID string `json:"id" structs:"id"` + Name string `json:"name" structs:"name"` + NameEn string `json:"name_en" structs:"name_en"` + Description string `json:"description" structs:"description"` + DescriptionEn string `json:"description_en" structs:"description_en"` + Sensitivity int64 `json:"sensitivity" structs:"sensitivity"` + Parents []map[string]interface{} `json:"parents" structs:"parents"` ProviderConfig map[string]interface{} `json:"provider_config" structs:"provider_config"` - Version int64 `json:"version" structs:"version"` + Version int64 `json:"version" structs:"version"` } diff --git a/pkg/service/types/subject.go b/pkg/service/types/subject.go index bd192aa4..33298f77 100644 --- a/pkg/service/types/subject.go +++ b/pkg/service/types/subject.go @@ -61,7 +61,7 @@ type GroupSubject struct { // ThinSubjectGroup keep the minimum fields of a group, with the group subject_pk and expired_at type ThinSubjectGroup struct { // GroupPK is the subject_pk of group - GroupPK int64 `json:"group_pk" msgpack:"p"` + GroupPK int64 `json:"group_pk" msgpack:"p"` ExpiredAt int64 `json:"expired_at" msgpack:"pe"` } 
@@ -108,11 +108,11 @@ func (s *SubjectActionGroupResource) UpdateGroupResource(groupPK int64, resource // SubjectActionExpression ... type SubjectActionExpression struct { - PK int64 `json:"pk" msgpack:"p"` + PK int64 `json:"pk" msgpack:"p"` SubjectPK int64 `json:"subject_pk" msgpack:"s1"` - ActionPK int64 `json:"action_pk" msgpack:"a"` + ActionPK int64 `json:"action_pk" msgpack:"a"` Expression string `json:"expression" msgpack:"e1"` - Signature string `json:"signature" msgpack:"s2"` + Signature string `json:"signature" msgpack:"s2"` ExpiredAt int64 `json:"expired_at" msgpack:"e2"` } diff --git a/pkg/service/types/system.go b/pkg/service/types/system.go index 2a123b8d..9350cea0 100644 --- a/pkg/service/types/system.go +++ b/pkg/service/types/system.go @@ -14,11 +14,11 @@ package types type System struct { AllowEmptyFields - ID string `json:"id" structs:"id"` - Name string `json:"name" structs:"name"` - NameEn string `json:"name_en" structs:"name_en"` - Description string `json:"description" structs:"description"` - DescriptionEn string `json:"description_en" structs:"description_en"` - Clients string `json:"clients" structs:"clients"` + ID string `json:"id" structs:"id"` + Name string `json:"name" structs:"name"` + NameEn string `json:"name_en" structs:"name_en"` + Description string `json:"description" structs:"description"` + DescriptionEn string `json:"description_en" structs:"description_en"` + Clients string `json:"clients" structs:"clients"` ProviderConfig map[string]interface{} `json:"provider_config" structs:"provider_config"` }