Feat: add RBAC support (#3493)

* Feat: add the rbac data model Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add some api about the project Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add CRUD about the project and the project user Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add CRUD about the role and perm check filter function Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: update swagger config Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add default roles and perm policies Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add perm check filter for all webservice Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: change the method that find project name Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: query applications and envs by user perm Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: support get login user info Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Fix: change default permissions Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: change PermPolicy to Permission Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add some unit test and fix the e2e test error Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Fix: change some comment word Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Fix: e2e api path error Signed-off-by: barnettZQG <barnett.zqg@gmail.com>
2026-02-14 18:10:21 +00:00 · 2022-03-28 16:03:11 +08:00
parent 795231ceb5
commit 044c4bf73c
69 changed files with 5026 additions and 932 deletions
--- a/docs/apidoc/swagger.json
+++ b/docs/apidoc/swagger.json
--- a/docs/examples/rbac/rbac.md
+++ b/docs/examples/rbac/rbac.md
@@ -0,0 +1,107 @@
+# RBAC
+
+User:
+
+```yaml
+name: user
+userRoles: ["app-developer"]
+...
+```
+
+ProjectUser:
+
+```yaml
+username: user
+project: demo
+userRoles: ["app-developer"]
+```
+
+Role:
+
+```yaml
+name: app-developer
+project: demo
+permissions: ["app-manage"]
+```
+
+```yaml
+name: admin
+permissions: ["all"]
+```
+
+Permission:
+
+```yaml
+name: app-manage
+project: demo
+resource: ["project:demo/application:*"]
+actions: ["*"]
+effect: Allow
+principal: {}
+condition: {}
+```
+
+```yaml
+name: app1-manage
+project: demo
+resource: ["project:demo/application:app1/*"]
+actions: ["*"]
+effect: Allow
+principal: {}
+condition: {}
+
+name: app2-manage
+project: demo
+resource: ["project:demo/application:app2/*"]
+actions: ["*"]
+effect: Allow
+principal: {}
+condition: {}
+```
+
+```yaml
+name: cluster-manage
+resource: ["cluster:*"]
+actions: ["*"]
+effect: Allow
+principal: {}
+condition: {}
+```
+
+```yaml
+name: cluster-beijing-manage
+resource: ["cluster:beijing"]
+actions: ["*"]
+effect: Allow
+principal: {}
+condition: {}
+```
+
+```yaml
+name: all
+resource: ["*"]
+actions: ["*"]
+effect: Allow
+principal: {}
+condition: {}
+```
+
+PermissionTemplate:
+
+```yaml
+name: app-manage
+resource: ["project:${projectName}/application:*"]
+actions: ["*"]
+level: project
+effect: Allow
+principal: {}
+condition: {}
+```
+
+```yaml
+name: deny-delete-cluster
+resource: ["cluster:*"]
+actions: ["delete"]
+level: platform
+effect: Deny
+```