k2hr3-api
Version:
K2HR3 REST API is K2hdkc based Resource and Roles and policy Rules
208 lines (207 loc) • 10.9 kB
JavaScript
;
/*
* K2HR3 REST API
*
* Copyright 2017 Yahoo Japan Corporation.
*
* K2HR3 is K2hdkc based Resource and Roles and policy Rules, gathers
* common management information for the cloud.
* K2HR3 can dynamically manage information as "who", "what", "operate".
* These are stored as roles, resources, policies in K2hdkc, and the
* client system can dynamically read and modify these information.
*
* For the full copyright and license information, please view
* the license file that was distributed with this source code.
*
* AUTHOR: Takeshi Nakatani
* CREATE: Wed Jun 8 2017
* REVISION:
*
*/
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getK2hr3Keys = void 0;
const k2hr3apiutil_1 = __importDefault(require("./k2hr3apiutil"));
const getK2hr3Keys = (user, tenant, service) => {
const keywords = {
// common types
'TYPE_ROLE': 'role',
'TYPE_RESOURCE': 'resource',
'TYPE_POLICY': 'policy',
'TYPE_SERVICE': 'service', // Using in list API
// common values
'VALUE_WILDCARD': '*',
'VALUE_TRUE': 'true',
'VALUE_FALSE': 'false',
'VALUE_ENABLE': 'enable',
'VALUE_DISABLE': 'disable',
'VALUE_ALLOW': 'allow',
'VALUE_DENY': 'deny',
'VALUE_READ': 'read',
'VALUE_WRITE': 'write',
'VALUE_ANY_PORT': '*',
'VALUE_HOST_SEP': ' ',
'VALUE_HOST_REGSEP': ':',
'VALUE_HOST_DETAILSEP': ',',
'VALUE_ANYDATA_TYPE': 'anytype',
'VALUE_STRING_TYPE': 'string',
'VALUE_OBJECT_TYPE': 'object',
'VALUE_KEYS_TYPE': 'keys',
'VALUE_ALIAS_TYPE': 'aliases',
'VALUE_EXPIRE_TYPE': 'expire',
'VALUE_POLICIES_TYPE': 'policies',
'VALUE_HOSTS_TYPE': 'hosts',
'VALUE_HOSTNAMES_TYPE': 'hostnames',
'VALUE_IPS_TYPE': 'ips',
'VALUE_KEYSTONE_NORMAL': 'kstype_normal',
'VALUE_KEYSTONE_NOPASS': 'kstype_nopasswd',
'VALUE_KEYSTONE_SUB': 'kstype_substitute',
'VALUE_OPENSTACK_V1': 'openstack-auto-v1', // used/set from k2hr3-init.sh
'VALUE_K8S_V1': 'k8s-auto-v1', // used/set from k2hr3-kube-init.sh
'VALUE_PREFIX_LOCAL_TENANT': 'local@',
// common keywords( part of keyname )
'POLICIES_KW': 'policies',
'SERVICE_KW': 'service',
'HOSTS_KW': 'hosts',
'HOSTS_NAME_KW': 'name',
'HOSTS_IP_KW': 'ip',
'KEYS_KW': 'keys',
'TYPE_KW': 'type',
'EXPIRE_KW': 'expire',
'EFFECT_KW': 'effect',
'ACTION_KW': 'action',
'RESOURCE_KW': 'resource',
'CONDITION_KW': 'condition',
'REFERENCE_KW': 'reference',
'ID_KW': 'id',
'ALIAS_KW': '@',
'URL_KW': 'url',
'STATUS_KW': 'status',
'DATE_KW': 'date',
'SEED_KW': 'seed',
'ROLE_TOKEN_KW': 'tokens',
// ACR keywords
'ACR_POLICY_KW': 'acr-policy',
'ACR_ROLE_KW': 'acr-role',
'ACR_RESOURCE_NAME_KEY': 'name',
'ACR_RESOURCE_EXPIRE_KEY': 'expire',
'ACR_RESOURCE_TYPE_KEY': 'type',
'ACR_RESOURCE_DATA_KEY': 'data',
'ACR_RESOURCE_KEYS_KEY': 'keys',
// kubernetes cuk keywords
'K8S_HOST_INCUK_KEY': 'host',
'K8S_NAMESPACE_INCUK_KEY': 'k8s_namespace',
'K8S_SA_INCUK_KEY': 'k8s_service_account',
'K8S_NODENAME_INCUK_KEY': 'k8s_node_name',
'K8S_NODEIP_INCUK_KEY': 'k8s_node_ip',
'K8S_PODNAME_INCUK_KEY': 'k8s_pod_name',
'K8S_PODID_INCUK_KEY': 'k8s_pod_id',
'K8S_PODIP_INCUK_KEY': 'k8s_pod_ip',
'K8S_CONTAINERID_INCUK_KEY': 'k8s_container_id',
'K8S_RAND_INCUK_KEY': 'k8s_k2hr3_rand',
// common key names
'YRN_KEY': 'yrn',
'DOMAIN_KEY': 'yrn:yahoo',
'NO_SERVICE_KEY': 'yrn:yahoo:',
'NO_SERVICE_REGION_KEY': 'yrn:yahoo::',
'NO_SERVICE_TENANT_KEY': 'yrn:yahoo:::',
'USER_TOP_KEY': 'yrn:yahoo::::user',
'TOKEN_TOP_KEY': 'yrn:yahoo::::token',
'TOKEN_USER_TOP_KEY': 'yrn:yahoo::::token:user',
'TOKEN_ROLE_TOP_KEY': 'yrn:yahoo::::token:role',
'ACTION_TOP_KEY': 'yrn:yahoo::::action',
'ACTION_READ_KEY': 'yrn:yahoo::::action:read',
'ACTION_WRITE_KEY': 'yrn:yahoo::::action:write',
'KEYSTONE_TOP_KEY': 'yrn:yahoo::::keystone',
'IAAS_TOP_KEY': 'yrn:yahoo::::iaas',
'IAAS_OS_TOP_KEY': 'yrn:yahoo::::iaas:openstack',
'IAAS_K8S_TOP_KEY': 'yrn:yahoo::::iaas:k8s',
'MASTER_SERVICE_TOP_KEY': 'yrn:yahoo::::service',
'ANYTENANT_SERVICE_TOP_KEY': 'yrn:yahoo::::service:',
'ANYTENANT_SERVICE_KEY': 'yrn:yahoo::::service::anytenant',
// match regex
'MATCH_ANY_SERVICE_MASTER': 'yrn:yahoo::::service:(.*)',
'MATCH_ANY_IAAS': 'yrn:yahoo::::iaas:(.*)',
'MATCH_ANY_IAAS_OS': 'yrn:yahoo::::iaas:openstack:(.*)',
'MATCH_ANY_IAAS_K8S': 'yrn:yahoo::::iaas:k8s:(.*)',
'MATCH_ANY_SERVICE_TENANT': 'yrn:yahoo:(.*)::(.*):(.*)',
'MATCH_ANY_TENANT_MAIN': 'yrn:yahoo:(.*)::(.*)',
'MATCH_ANY_TENANT_ROLE': 'yrn:yahoo:(.*)::(.*):role:(.*)',
'MATCH_ANY_TENANT_POLICY': 'yrn:yahoo:(.*)::(.*):policy:(.*)',
'MATCH_ANY_TENANT_RESOURCE': 'yrn:yahoo:(.*)::(.*):resource:(.*)',
'MATCH_ANY_TENANT_RES_DATA': 'yrn:yahoo:(.*)::(.*):resource:(.*)', // end of resource name
'MATCH_NOT_TENANT_RES_DATA': '( |\t|\r|\n|:)', // not match resource data key name
'MATCH_ANY_TENANT_RES_KEY': 'yrn:yahoo:(.*)::(.*):resource:(.*)/keys/(.*)', // end of resource name/keys/<keyname>
'MATCH_ANY_HOSTNAME_PORT': 'yrn:yahoo:(.*)::(.*):role:(.*)/hosts/name/(.*) (.*) (.*)',
'MATCH_ANY_HOSTNAME_KEYS': 'yrn:yahoo:(.*)::(.*):role:(.*)/hosts/name',
'MATCH_ANY_IP_PORT': 'yrn:yahoo:(.*)::(.*):role:(.*)/hosts/ip/(.*) (.*) (.*)',
'MATCH_ANY_IP_KEYS': 'yrn:yahoo:(.*)::(.*):role:(.*)/hosts/ip',
'MATCH_ANY_ALLHOST_KEYS': 'yrn:yahoo:(.*)::(.*):role:(.*)/hosts/all', // This is only used in template variable names, not key name
'MATCH_ANY_KS_REGION': 'yrn:yahoo::::keystone:(.*)',
'MATCH_ANY_USER_TOKEN': 'yrn:yahoo::::user:(.*):tenant/(.*)/token/(.*)',
'MATCH_ANY_ROLE_TOKEN': 'yrn:yahoo::::token:role/(.*)',
'MATCH_URI_GET_ROLE_DATA': '^/v1/role/(.*)',
'MATCH_URI_GET_RTOKEN': '^/v1/role/token/(.*)',
'MATCH_URI_GET_RTOKEN_LIST': '^/v1/role/token/list/(.*)'
};
const _user = k2hr3apiutil_1.default.getSafeString(user).toLowerCase();
const _tenant = k2hr3apiutil_1.default.getSafeString(tenant).toLowerCase();
const _service = k2hr3apiutil_1.default.getSafeString(service).toLowerCase();
keywords.SERVICE_TOP_KEY = keywords.NO_SERVICE_KEY + _service; // "yrn:yahoo:<service>"
keywords.SERVICE_NO_REGION_KEY = keywords.SERVICE_TOP_KEY + ':'; // "yrn:yahoo:<service>:"
if (k2hr3apiutil_1.default.isSafeString(_service)) {
keywords.MASTER_SERVICE_KEY = keywords.MASTER_SERVICE_TOP_KEY + ':' + _service; // "yrn:yahoo::::service:<service>"
keywords.SERVICE_OWNER_KEY = keywords.MASTER_SERVICE_KEY + ':owner'; // "yrn:yahoo::::service:<service>:owner"
keywords.SERVICE_TENANT_KEY = keywords.MASTER_SERVICE_KEY + ':tenant'; // "yrn:yahoo::::service:<service>:tenant"
keywords.SERVICE_VERIFY_TENANT_KEY = keywords.MASTER_SERVICE_KEY + ':verify'; // "yrn:yahoo::::service:<service>:verify"
}
if (k2hr3apiutil_1.default.isSafeString(_tenant)) {
// tenant key with service(allowed null)
keywords.TENANT_TOP_KEY = keywords.SERVICE_NO_REGION_KEY + ':' + _tenant; // "yrn:yahoo:<service>::<tenant>"
// tenant master key(service is null)
keywords.MASTER_TENANT_TOP_KEY = keywords.NO_SERVICE_REGION_KEY + ':' + _tenant; // "yrn:yahoo:::<tenant>"
// tenant description keys(service is null)
keywords.TENANT_ID_KEY = keywords.MASTER_TENANT_TOP_KEY + ':id'; // "yrn:yahoo:::<tenant>:id"
keywords.TENANT_DESC_KEY = keywords.MASTER_TENANT_TOP_KEY + ':desc'; // "yrn:yahoo:::<tenant>:desc"
keywords.TENANT_DISP_KEY = keywords.MASTER_TENANT_TOP_KEY + ':display'; // "yrn:yahoo:::<tenant>:display"
keywords.TENANT_USER_KEY = keywords.MASTER_TENANT_TOP_KEY + ':user'; // "yrn:yahoo:::<tenant>:user"
keywords.TENANT_SERVICE_KEY = keywords.MASTER_TENANT_TOP_KEY + ':service'; // "yrn:yahoo:::<tenant>:service"
// role, resource, policy under tenant with service
keywords.ROLE_TOP_KEY = keywords.TENANT_TOP_KEY + ':' + 'role'; // "yrn:yahoo:<service>::<tenant>:role"
keywords.POLICY_TOP_KEY = keywords.TENANT_TOP_KEY + ':' + 'policy'; // "yrn:yahoo:<service>::<tenant>:policy"
keywords.RESOURCE_TOP_KEY = keywords.TENANT_TOP_KEY + ':' + 'resource'; // "yrn:yahoo:<service>::<tenant>:resource"
}
if (k2hr3apiutil_1.default.isSafeString(_user)) {
keywords.USER_KEY = keywords.USER_TOP_KEY + ':' + _user; // "yrn:yahoo::::user:<user>"
keywords.USER_ID_KEY = keywords.USER_KEY + ':id'; // "yrn:yahoo::::user:<user>:id"
keywords.USER_TENANT_TOP_KEY = keywords.USER_KEY + ':tenant'; // "yrn:yahoo::::user:<user>:tenant"
keywords.USER_TENANT_COMMON_KEY = keywords.USER_TENANT_TOP_KEY + '/'; // "yrn:yahoo::::user:<user>:tenant/"
keywords.USER_TENANT_UNSCOPE_TOKEN_KEY = keywords.USER_TENANT_COMMON_KEY + '/token'; // "yrn:yahoo::::user:<user>:tenant//token"
if (k2hr3apiutil_1.default.isSafeString(tenant)) {
keywords.USER_TENANT_KEY = keywords.USER_TENANT_COMMON_KEY + _tenant; // "yrn:yahoo::::user:<user>:tenant/<tenant>"
keywords.USER_TENANT_SCOPE_TOKEN_KEY = keywords.USER_TENANT_KEY + '/token'; // "yrn:yahoo::::user:<user>:tenant/<tenant>/token"
// ambiguous key whether tenant exists or not
keywords.USER_TENANT_AMBIGUOUS_KEY = keywords.USER_TENANT_KEY; // "yrn:yahoo::::user:<user>:tenant/<tenant>"
keywords.USER_TENANT_AMBIGUOUS_TOKEN_KEY = keywords.USER_TENANT_SCOPE_TOKEN_KEY; // "yrn:yahoo::::user:<user>:tenant/<tenant>/token"
}
else {
keywords.USER_TENANT_KEY = ''; // ""
keywords.USER_TENANT_SCOPE_TOKEN_KEY = ''; // ""
// ambiguous key whether tenant exists or not
keywords.USER_TENANT_AMBIGUOUS_KEY = keywords.USER_TENANT_COMMON_KEY; // "yrn:yahoo::::user:<user>:tenant/"
keywords.USER_TENANT_AMBIGUOUS_TOKEN_KEY = keywords.USER_TENANT_UNSCOPE_TOKEN_KEY; // "yrn:yahoo::::user:<user>:tenant//token"
}
}
return keywords;
};
exports.getK2hr3Keys = getK2hr3Keys;
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: noexpandtab sw=4 ts=4 fdm=marker
* vim<600: noexpandtab sw=4 ts=4
*/