Merge pull request #6765 from heww/rename-ram

Rename ram to rbac

src/common/rbac/casbin.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package ram
+package rbac
 
 import (
 	"errors"

src/common/rbac/namespace.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package ram
+package rbac
 
 import (
 	"fmt"

src/common/rbac/namespace_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package ram
+package rbac
 
 import (
 	"testing"

src/common/rbac/parser.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package ram
+package rbac
 
 import (
 	"errors"

src/common/rbac/parser_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package ram
+package rbac
 
 import (
 	"testing"

src/common/rbac/project/const.go

@@ -15,19 +15,19 @@
 package project
 
 import (
-	"github.com/goharbor/harbor/src/common/ram"
+	"github.com/goharbor/harbor/src/common/rbac"
 )
 
 // const action variables
 const (
-	ActionAll      = ram.Action("*")
-	ActionPull     = ram.Action("pull")
-	ActionPush     = ram.Action("push")
-	ActionPushPull = ram.Action("push+pull")
+	ActionAll      = rbac.Action("*")
+	ActionPull     = rbac.Action("pull")
+	ActionPush     = rbac.Action("push")
+	ActionPushPull = rbac.Action("push+pull")
 )
 
 // const resource variables
 const (
-	ResourceAll   = ram.Resource("*")
-	ResourceImage = ram.Resource("image")
+	ResourceAll   = rbac.Resource("*")
+	ResourceImage = rbac.Resource("image")
 )

src/common/rbac/project/util.go

@@ -15,26 +15,26 @@
 package project
 
 import (
-	"github.com/goharbor/harbor/src/common/ram"
+	"github.com/goharbor/harbor/src/common/rbac"
 )
 
 var (
 	// subresource policies for public project
-	publicProjectPolicies = []*ram.Policy{
+	publicProjectPolicies = []*rbac.Policy{
 		{Resource: ResourceImage, Action: ActionPull},
 	}
 
 	// subresource policies for system admin visitor
-	systemAdminProjectPolicies = []*ram.Policy{
+	systemAdminProjectPolicies = []*rbac.Policy{
 		{Resource: ResourceAll, Action: ActionAll},
 	}
 )
 
-func policiesForPublicProject(namespace ram.Namespace) []*ram.Policy {
-	policies := []*ram.Policy{}
+func policiesForPublicProject(namespace rbac.Namespace) []*rbac.Policy {
+	policies := []*rbac.Policy{}
 
 	for _, policy := range publicProjectPolicies {
-		policies = append(policies, &ram.Policy{
+		policies = append(policies, &rbac.Policy{
 			Resource: namespace.Resource(policy.Resource),
 			Action:   policy.Action,
 			Effect:   policy.Effect,
@@ -44,11 +44,11 @@ func policiesForPublicProject(namespace ram.Namespace) []*ram.Policy {
 	return policies
 }
 
-func policiesForSystemAdmin(namespace ram.Namespace) []*ram.Policy {
-	policies := []*ram.Policy{}
+func policiesForSystemAdmin(namespace rbac.Namespace) []*rbac.Policy {
+	policies := []*rbac.Policy{}
 
 	for _, policy := range systemAdminProjectPolicies {
-		policies = append(policies, &ram.Policy{
+		policies = append(policies, &rbac.Policy{
 			Resource: namespace.Resource(policy.Resource),
 			Action:   policy.Action,
 			Effect:   policy.Effect,

src/common/rbac/project/visitor.go

@@ -15,7 +15,7 @@
 package project
 
 import (
-	"github.com/goharbor/harbor/src/common/ram"
+	"github.com/goharbor/harbor/src/common/rbac"
 )
 
 // visitorContext the context interface for the project visitor
@@ -27,10 +27,10 @@ type visitorContext interface {
 	IsSysAdmin() bool
 }
 
-// visitor implement the ram.User interface for project visitor
+// visitor implement the rbac.User interface for project visitor
 type visitor struct {
 	ctx          visitorContext
-	namespace    ram.Namespace
+	namespace    rbac.Namespace
 	projectRoles []int
 }
 
@@ -45,7 +45,7 @@ func (v *visitor) GetUserName() string {
 }
 
 // GetPolicies returns policies of the visitor
-func (v *visitor) GetPolicies() []*ram.Policy {
+func (v *visitor) GetPolicies() []*rbac.Policy {
 	if v.ctx.IsSysAdmin() {
 		return policiesForSystemAdmin(v.namespace)
 	}
@@ -58,12 +58,12 @@ func (v *visitor) GetPolicies() []*ram.Policy {
 }
 
 // GetRoles returns roles of the visitor
-func (v *visitor) GetRoles() []ram.Role {
+func (v *visitor) GetRoles() []rbac.Role {
 	if !v.ctx.IsAuthenticated() {
 		return nil
 	}
 
-	roles := []ram.Role{}
+	roles := []rbac.Role{}
 
 	for _, roleID := range v.projectRoles {
 		roles = append(roles, &visitorRole{roleID: roleID, namespace: v.namespace})
@@ -72,8 +72,8 @@ func (v *visitor) GetRoles() []ram.Role {
 	return roles
 }
 
-// NewUser returns ram.User interface for the project visitor
-func NewUser(ctx visitorContext, namespace ram.Namespace, projectRoles ...int) ram.User {
+// NewUser returns rbac.User interface for the project visitor
+func NewUser(ctx visitorContext, namespace rbac.Namespace, projectRoles ...int) rbac.User {
 	return &visitor{
 		ctx:          ctx,
 		namespace:    namespace,

src/common/rbac/project/visitor_role.go

@@ -16,11 +16,11 @@ package project
 
 import (
 	"github.com/goharbor/harbor/src/common"
-	"github.com/goharbor/harbor/src/common/ram"
+	"github.com/goharbor/harbor/src/common/rbac"
 )
 
 var (
-	rolePoliciesMap = map[string][]*ram.Policy{
+	rolePoliciesMap = map[string][]*rbac.Policy{
 		"projectAdmin": {
 			{Resource: ResourceImage, Action: ActionPushPull}, // compatible with security all perm of project
 			{Resource: ResourceImage, Action: ActionPush},
@@ -38,9 +38,9 @@ var (
 	}
 )
 
-// visitorRole implement the ram.Role interface
+// visitorRole implement the rbac.Role interface
 type visitorRole struct {
-	namespace ram.Namespace
+	namespace rbac.Namespace
 	roleID    int
 }
 
@@ -59,8 +59,8 @@ func (role *visitorRole) GetRoleName() string {
 }
 
 // GetPolicies returns policies for the visitor role
-func (role *visitorRole) GetPolicies() []*ram.Policy {
-	policies := []*ram.Policy{}
+func (role *visitorRole) GetPolicies() []*rbac.Policy {
+	policies := []*rbac.Policy{}
 
 	roleName := role.GetRoleName()
 	if roleName == "" {
@@ -68,7 +68,7 @@ func (role *visitorRole) GetPolicies() []*ram.Policy {
 	}
 
 	for _, policy := range rolePoliciesMap[roleName] {
-		policies = append(policies, &ram.Policy{
+		policies = append(policies, &rbac.Policy{
 			Resource: role.namespace.Resource(policy.Resource),
 			Action:   policy.Action,
 			Effect:   policy.Effect,

src/common/rbac/project/visitor_test.go

@@ -18,7 +18,7 @@ import (
 	"testing"
 
 	"github.com/goharbor/harbor/src/common"
-	"github.com/goharbor/harbor/src/common/ram"
+	"github.com/goharbor/harbor/src/common/rbac"
 	"github.com/stretchr/testify/suite"
 )
 
@@ -50,8 +50,8 @@ type VisitorTestSuite struct {
 }
 
 func (suite *VisitorTestSuite) TestGetPolicies() {
-	namespace := ram.NewProjectNamespace("library", false)
-	publicNamespace := ram.NewProjectNamespace("library", true)
+	namespace := rbac.NewProjectNamespace("library", false)
+	publicNamespace := rbac.NewProjectNamespace("library", true)
 
 	anonymous := NewUser(anonymousCtx, namespace)
 	suite.Nil(anonymous.GetPolicies())
@@ -73,7 +73,7 @@ func (suite *VisitorTestSuite) TestGetPolicies() {
 }
 
 func (suite *VisitorTestSuite) TestGetRoles() {
-	namespace := ram.NewProjectNamespace("library", false)
+	namespace := rbac.NewProjectNamespace("library", false)
 
 	anonymous := NewUser(anonymousCtx, namespace)
 	suite.Nil(anonymous.GetRoles())

src/common/rbac/rbac.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package ram
+package rbac
 
 import (
 	"fmt"
@@ -87,14 +87,14 @@ func (p *Policy) GetEffect() string {
 	return eft.String()
 }
 
-// Role the interface of ram role
+// Role the interface of rbac role
 type Role interface {
 	// GetRoleName returns the role identity, if empty string role's policies will be ignore
 	GetRoleName() string
 	GetPolicies() []*Policy
 }
 
-// User the interface of ram user
+// User the interface of rbac user
 type User interface {
 	// GetUserName returns the user identity, if empty string user's all policies will be ignore
 	GetUserName() string

src/common/rbac/rbac_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package ram
+package rbac
 
 import (
 	"reflect"

src/common/security/admiral/context.go

@@ -16,8 +16,8 @@ package admiral
 
 import (
 	"github.com/goharbor/harbor/src/common/models"
-	"github.com/goharbor/harbor/src/common/ram"
-	"github.com/goharbor/harbor/src/common/ram/project"
+	"github.com/goharbor/harbor/src/common/rbac"
+	"github.com/goharbor/harbor/src/common/rbac/project"
 	"github.com/goharbor/harbor/src/common/security/admiral/authcontext"
 	"github.com/goharbor/harbor/src/core/promgr"
 )
@@ -72,32 +72,32 @@ func (s *SecurityContext) IsSolutionUser() bool {
 // HasReadPerm returns whether the user has read permission to the project
 func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
 	isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
-	return s.Can(project.ActionPull, ram.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
+	return s.Can(project.ActionPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
 }
 
 // HasWritePerm returns whether the user has write permission to the project
 func (s *SecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
 	isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
-	return s.Can(project.ActionPush, ram.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
+	return s.Can(project.ActionPush, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
 }
 
 // HasAllPerm returns whether the user has all permissions to the project
 func (s *SecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
 	isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
-	return s.Can(project.ActionPushPull, ram.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
+	return s.Can(project.ActionPushPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
 }
 
 // Can returns whether the user can do action on resource
-func (s *SecurityContext) Can(action ram.Action, resource ram.Resource) bool {
+func (s *SecurityContext) Can(action rbac.Action, resource rbac.Resource) bool {
 	ns, err := resource.GetNamespace()
 	if err == nil {
 		switch ns.Kind() {
 		case "project":
 			projectIDOrName := ns.Identity()
 			isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
-			projectNamespace := ram.NewProjectNamespace(projectIDOrName, isPublicProject)
+			projectNamespace := rbac.NewProjectNamespace(projectIDOrName, isPublicProject)
 			user := project.NewUser(s, projectNamespace, s.GetProjectRoles(projectIDOrName)...)
-			return ram.HasPermission(user, resource, action)
+			return rbac.HasPermission(user, resource, action)
 		}
 	}
 

src/common/security/local/context.go

@@ -19,8 +19,8 @@ import (
 	"github.com/goharbor/harbor/src/common/dao"
 	"github.com/goharbor/harbor/src/common/dao/group"
 	"github.com/goharbor/harbor/src/common/models"
-	"github.com/goharbor/harbor/src/common/ram"
-	"github.com/goharbor/harbor/src/common/ram/project"
+	"github.com/goharbor/harbor/src/common/rbac"
+	"github.com/goharbor/harbor/src/common/rbac/project"
 	"github.com/goharbor/harbor/src/common/utils/log"
 	"github.com/goharbor/harbor/src/core/promgr"
 )
@@ -70,32 +70,32 @@ func (s *SecurityContext) IsSolutionUser() bool {
 // HasReadPerm returns whether the user has read permission to the project
 func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
 	isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
-	return s.Can(project.ActionPull, ram.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
+	return s.Can(project.ActionPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
 }
 
 // HasWritePerm returns whether the user has write permission to the project
 func (s *SecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
 	isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
-	return s.Can(project.ActionPush, ram.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
+	return s.Can(project.ActionPush, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
 }
 
 // HasAllPerm returns whether the user has all permissions to the project
 func (s *SecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
 	isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
-	return s.Can(project.ActionPushPull, ram.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
+	return s.Can(project.ActionPushPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
 }
 
 // Can returns whether the user can do action on resource
-func (s *SecurityContext) Can(action ram.Action, resource ram.Resource) bool {
+func (s *SecurityContext) Can(action rbac.Action, resource rbac.Resource) bool {
 	ns, err := resource.GetNamespace()
 	if err == nil {
 		switch ns.Kind() {
 		case "project":
 			projectIDOrName := ns.Identity()
 			isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
-			projectNamespace := ram.NewProjectNamespace(projectIDOrName, isPublicProject)
+			projectNamespace := rbac.NewProjectNamespace(projectIDOrName, isPublicProject)
 			user := project.NewUser(s, projectNamespace, s.GetProjectRoles(projectIDOrName)...)
-			return ram.HasPermission(user, resource, action)
+			return rbac.HasPermission(user, resource, action)
 		}
 	}
 

src/common/security/secret/context.go

@@ -19,7 +19,7 @@ import (
 
 	"github.com/goharbor/harbor/src/common"
 	"github.com/goharbor/harbor/src/common/models"
-	"github.com/goharbor/harbor/src/common/ram"
+	"github.com/goharbor/harbor/src/common/rbac"
 	"github.com/goharbor/harbor/src/common/secret"
 	"github.com/goharbor/harbor/src/common/utils/log"
 )
@@ -99,7 +99,7 @@ func (s *SecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
 }
 
 // Can returns whether the user can do action on resource
-func (s *SecurityContext) Can(action ram.Action, resource ram.Resource) bool {
+func (s *SecurityContext) Can(action rbac.Action, resource rbac.Resource) bool {
 	if s.store == nil {
 		return false
 	}