Merge pull request #12458 from kofj/add_rbac

Enable RBAC control in the preheat API
Steven Zou 2020-07-13 12:38:08 +08:00 committed by GitHub
commit 2efc4f230d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 59 additions and 0 deletions


@ -55,5 +55,6 @@ const (
ResourceTag = Resource("tag") ResourceTag = Resource("tag")
ResourceArtifactAddition = Resource("artifact-addition") ResourceArtifactAddition = Resource("artifact-addition")
ResourceArtifactLabel = Resource("artifact-label") ResourceArtifactLabel = Resource("artifact-label")
ResourcePreatPolicy = Resource("preheat-policy")
ResourceSelf = Resource("") // subresource for self ResourceSelf = Resource("") // subresource for self
) )
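Review bot: The new exported constant is spelled `ResourcePreatPolicy`, dropping the "he" of "Preheat", while its value is the correctly spelled `preheat-policy`. Every permission check added in this commit references the misspelled name, so it becomes harder to fix with each new caller, and a search for "Preheat" during a permission audit will miss these checks. I would rename it now to `ResourcePreheatPolicy = Resource("preheat-policy")` and update the references in the role table and the handlers. The const block starts and ends outside this hunk.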


@ -113,6 +113,12 @@ var (
{Resource: ResourceArtifactLabel, Action: ActionCreate}, {Resource: ResourceArtifactLabel, Action: ActionCreate},
{Resource: ResourceArtifactLabel, Action: ActionDelete}, {Resource: ResourceArtifactLabel, Action: ActionDelete},
{Resource: ResourcePreatPolicy, Action: ActionCreate},
{Resource: ResourcePreatPolicy, Action: ActionRead},
{Resource: ResourcePreatPolicy, Action: ActionUpdate},
{Resource: ResourcePreatPolicy, Action: ActionDelete},
{Resource: ResourcePreatPolicy, Action: ActionList},
}, },
"maintainer": { "maintainer": {


@ -10,6 +10,7 @@ import (
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt" "github.com/go-openapi/strfmt"
"github.com/goharbor/harbor/src/common/rbac"
preheatCtl "github.com/goharbor/harbor/src/controller/p2p/preheat" preheatCtl "github.com/goharbor/harbor/src/controller/p2p/preheat"
projectCtl "github.com/goharbor/harbor/src/controller/project" projectCtl "github.com/goharbor/harbor/src/controller/project"
liberrors "github.com/goharbor/harbor/src/lib/errors" liberrors "github.com/goharbor/harbor/src/lib/errors"
@ -46,6 +47,10 @@ func (api *preheatAPI) Prepare(ctx context.Context, operation string, params int
} }
func (api *preheatAPI) CreateInstance(ctx context.Context, params operation.CreateInstanceParams) middleware.Responder { func (api *preheatAPI) CreateInstance(ctx context.Context, params operation.CreateInstanceParams) middleware.Responder {
if err := api.RequireSysAdmin(ctx); err != nil {
return api.SendError(ctx, err)
}
instance, err := convertParamInstanceToModelInstance(params.Instance) instance, err := convertParamInstanceToModelInstance(params.Instance)
if err != nil { if err != nil {
return api.SendError(ctx, err) return api.SendError(ctx, err)
@ -59,6 +64,10 @@ func (api *preheatAPI) CreateInstance(ctx context.Context, params operation.Crea
} }
func (api *preheatAPI) DeleteInstance(ctx context.Context, params operation.DeleteInstanceParams) middleware.Responder { func (api *preheatAPI) DeleteInstance(ctx context.Context, params operation.DeleteInstanceParams) middleware.Responder {
if err := api.RequireSysAdmin(ctx); err != nil {
return api.SendError(ctx, err)
}
instance, err := api.preheatCtl.GetInstanceByName(ctx, params.PreheatInstanceName) instance, err := api.preheatCtl.GetInstanceByName(ctx, params.PreheatInstanceName)
if err != nil { if err != nil {
return api.SendError(ctx, err) return api.SendError(ctx, err)
@ -73,6 +82,10 @@ func (api *preheatAPI) DeleteInstance(ctx context.Context, params operation.Dele
} }
func (api *preheatAPI) GetInstance(ctx context.Context, params operation.GetInstanceParams) middleware.Responder { func (api *preheatAPI) GetInstance(ctx context.Context, params operation.GetInstanceParams) middleware.Responder {
if err := api.RequireSysAdmin(ctx); err != nil {
return api.SendError(ctx, err)
}
var payload *models.Instance var payload *models.Instance
instance, err := api.preheatCtl.GetInstanceByName(ctx, params.PreheatInstanceName) instance, err := api.preheatCtl.GetInstanceByName(ctx, params.PreheatInstanceName)
if err != nil { if err != nil {
@ -89,6 +102,10 @@ func (api *preheatAPI) GetInstance(ctx context.Context, params operation.GetInst
// ListInstances is List p2p instances // ListInstances is List p2p instances
func (api *preheatAPI) ListInstances(ctx context.Context, params operation.ListInstancesParams) middleware.Responder { func (api *preheatAPI) ListInstances(ctx context.Context, params operation.ListInstancesParams) middleware.Responder {
if err := api.RequireSysAdmin(ctx); err != nil {
return api.SendError(ctx, err)
}
var payload []*models.Instance var payload []*models.Instance
query, err := api.BuildQuery(ctx, params.Q, params.Page, params.PageSize) query, err := api.BuildQuery(ctx, params.Q, params.Page, params.PageSize)
@ -119,6 +136,9 @@ func (api *preheatAPI) ListInstances(ctx context.Context, params operation.ListI
} }
func (api *preheatAPI) ListProviders(ctx context.Context, params operation.ListProvidersParams) middleware.Responder { func (api *preheatAPI) ListProviders(ctx context.Context, params operation.ListProvidersParams) middleware.Responder {
if err := api.RequireSysAdmin(ctx); err != nil {
return api.SendError(ctx, err)
}
var providers, err = preheatCtl.Ctl.GetAvailableProviders() var providers, err = preheatCtl.Ctl.GetAvailableProviders()
if err != nil { if err != nil {
@ -131,6 +151,10 @@ func (api *preheatAPI) ListProviders(ctx context.Context, params operation.ListP
// UpdateInstance is Update instance // UpdateInstance is Update instance
func (api *preheatAPI) UpdateInstance(ctx context.Context, params operation.UpdateInstanceParams) middleware.Responder { func (api *preheatAPI) UpdateInstance(ctx context.Context, params operation.UpdateInstanceParams) middleware.Responder {
if err := api.RequireSysAdmin(ctx); err != nil {
return api.SendError(ctx, err)
}
var payload *models.InstanceUpdateResp var payload *models.InstanceUpdateResp
return operation.NewUpdateInstanceOK().WithPayload(payload) return operation.NewUpdateInstanceOK().WithPayload(payload)
} }
@ -152,6 +176,10 @@ func convertProvidersToFrontend(backend []*provider.Metadata) (frontend []*model
// GetPolicy is Get a preheat policy // GetPolicy is Get a preheat policy
func (api *preheatAPI) GetPolicy(ctx context.Context, params operation.GetPolicyParams) middleware.Responder { func (api *preheatAPI) GetPolicy(ctx context.Context, params operation.GetPolicyParams) middleware.Responder {
if err := api.RequireProjectAccess(ctx, params.ProjectName, rbac.ActionRead, rbac.ResourcePreatPolicy); err != nil {
return api.SendError(ctx, err)
}
project, err := api.projectCtl.GetByName(ctx, params.ProjectName) project, err := api.projectCtl.GetByName(ctx, params.ProjectName)
if err != nil { if err != nil {
return api.SendError(ctx, err) return api.SendError(ctx, err)
@ -172,6 +200,10 @@ func (api *preheatAPI) GetPolicy(ctx context.Context, params operation.GetPolicy
// CreatePolicy is Create a preheat policy under a project // CreatePolicy is Create a preheat policy under a project
func (api *preheatAPI) CreatePolicy(ctx context.Context, params operation.CreatePolicyParams) middleware.Responder { func (api *preheatAPI) CreatePolicy(ctx context.Context, params operation.CreatePolicyParams) middleware.Responder {
if err := api.RequireProjectAccess(ctx, params.ProjectName, rbac.ActionCreate, rbac.ResourcePreatPolicy); err != nil {
return api.SendError(ctx, err)
}
policy, err := convertParamPolicyToModelPolicy(params.Policy) policy, err := convertParamPolicyToModelPolicy(params.Policy)
if err != nil { if err != nil {
return api.SendError(ctx, err) return api.SendError(ctx, err)
@ -186,6 +218,10 @@ func (api *preheatAPI) CreatePolicy(ctx context.Context, params operation.Create
// UpdatePolicy is Update preheat policy // UpdatePolicy is Update preheat policy
func (api *preheatAPI) UpdatePolicy(ctx context.Context, params operation.UpdatePolicyParams) middleware.Responder { func (api *preheatAPI) UpdatePolicy(ctx context.Context, params operation.UpdatePolicyParams) middleware.Responder {
if err := api.RequireProjectAccess(ctx, params.ProjectName, rbac.ActionUpdate, rbac.ResourcePreatPolicy); err != nil {
return api.SendError(ctx, err)
}
policy, err := convertParamPolicyToModelPolicy(params.Policy) policy, err := convertParamPolicyToModelPolicy(params.Policy)
if err != nil { if err != nil {
return api.SendError(ctx, err) return api.SendError(ctx, err)
@ -200,6 +236,10 @@ func (api *preheatAPI) UpdatePolicy(ctx context.Context, params operation.Update
// DeletePolicy is Delete a preheat policy // DeletePolicy is Delete a preheat policy
func (api *preheatAPI) DeletePolicy(ctx context.Context, params operation.DeletePolicyParams) middleware.Responder { func (api *preheatAPI) DeletePolicy(ctx context.Context, params operation.DeletePolicyParams) middleware.Responder {
if err := api.RequireProjectAccess(ctx, params.ProjectName, rbac.ActionDelete, rbac.ResourcePreatPolicy); err != nil {
return api.SendError(ctx, err)
}
project, err := api.projectCtl.GetByName(ctx, params.ProjectName) project, err := api.projectCtl.GetByName(ctx, params.ProjectName)
if err != nil { if err != nil {
return api.SendError(ctx, err) return api.SendError(ctx, err)
@ -220,6 +260,10 @@ func (api *preheatAPI) DeletePolicy(ctx context.Context, params operation.Delete
// ListPolicies is List preheat policies // ListPolicies is List preheat policies
func (api *preheatAPI) ListPolicies(ctx context.Context, params operation.ListPoliciesParams) middleware.Responder { func (api *preheatAPI) ListPolicies(ctx context.Context, params operation.ListPoliciesParams) middleware.Responder {
if err := api.RequireProjectAccess(ctx, params.ProjectName, rbac.ActionList, rbac.ResourcePreatPolicy); err != nil {
return api.SendError(ctx, err)
}
project, err := api.projectCtl.GetByName(ctx, params.ProjectName) project, err := api.projectCtl.GetByName(ctx, params.ProjectName)
if err != nil { if err != nil {
return api.SendError(ctx, err) return api.SendError(ctx, err)
@ -258,6 +302,10 @@ func (api *preheatAPI) ListPolicies(ctx context.Context, params operation.ListPo
// ManualPreheat is manual preheat // ManualPreheat is manual preheat
func (api *preheatAPI) ManualPreheat(ctx context.Context, params operation.ManualPreheatParams) middleware.Responder { func (api *preheatAPI) ManualPreheat(ctx context.Context, params operation.ManualPreheatParams) middleware.Responder {
if err := api.RequireProjectAccess(ctx, params.ProjectName, rbac.ActionRead, rbac.ResourcePreatPolicy); err != nil {
return api.SendError(ctx, err)
}
project, err := api.projectCtl.GetByName(ctx, params.ProjectName) project, err := api.projectCtl.GetByName(ctx, params.ProjectName)
if err != nil { if err != nil {
return api.SendError(ctx, err) return api.SendError(ctx, err)
@ -280,6 +328,10 @@ func (api *preheatAPI) ManualPreheat(ctx context.Context, params operation.Manua
} }
func (api *preheatAPI) PingInstances(ctx context.Context, params operation.PingInstancesParams) middleware.Responder { func (api *preheatAPI) PingInstances(ctx context.Context, params operation.PingInstancesParams) middleware.Responder {
if err := api.RequireSysAdmin(ctx); err != nil {
return api.SendError(ctx, err)
}
var instance *instanceModel.Instance var instance *instanceModel.Instance
var err error var err error
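Review bot: In CreatePolicy and UpdatePolicy the new check authorises against `params.ProjectName`, but the policy that is then written is built from the request body by `convertParamPolicyToModelPolicy(params.Policy)`, and nothing visible in these hunks ties the two together. Both function bodies continue outside the hunks, so this may already be handled there; if it is not, the authorisation decision and the object actually modified can refer to different projects. After resolving the project from `params.ProjectName`, the handler should compare it with the project recorded on the converted policy (and, for update, on the stored one) and return an error on mismatch. Separately, ManualPreheat is gated on `rbac.ActionRead`, which looks weak for a call that appears to start a preheat run; `rbac.ActionUpdate` or a dedicated action would keep read-only roles from triggering it.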