Merge pull request polarismesh#351 from chuntaojun/feat_issue_343

[ISSUE polarismesh#343] 控制台访问与SDK访问鉴权分离

apiserver/eurekaserver/write.go

@@ -173,7 +173,7 @@ func (h *EurekaServer) registerInstances(ctx context.Context, appId string, inst
 	// 1. 先转换数据结构
 	totalInstance := convertEurekaInstance(instance, h.namespace, appId)
 	// 3. 注册实例
-	resp := h.namingServer.CreateInstances(ctx, []*api.Instance{totalInstance})
+	resp := h.namingServer.RegisterInstance(ctx, totalInstance)
 	// 4. 注册成功，则返回
 	if resp.GetCode().GetValue() == api.ExecuteSuccess || resp.GetCode().GetValue() == api.ExistedResource {
 		return api.ExecuteSuccess
@@ -190,14 +190,14 @@ func (h *EurekaServer) registerInstances(ctx context.Context, appId string, inst
 			return svcCreateCode
 		}
 		// 6. 再重试注册实例列表
-		resp = h.namingServer.CreateInstances(ctx, []*api.Instance{totalInstance})
+		resp = h.namingServer.RegisterInstance(ctx, totalInstance)
 		return resp.GetCode().GetValue()
 	}
 	return resp.GetCode().GetValue()
 }
 
 func (h *EurekaServer) deregisterInstance(ctx context.Context, appId string, instanceId string) uint32 {
-	resp := h.namingServer.DeleteInstances(ctx, []*api.Instance{{Id: &wrappers.StringValue{Value: instanceId}}})
+	resp := h.namingServer.DeregisterInstance(ctx, &api.Instance{Id: &wrappers.StringValue{Value: instanceId}})
 	return resp.GetCode().GetValue()
 }
 
@@ -207,7 +207,7 @@ func (h *EurekaServer) update(ctx context.Context, appId string, instanceId stri
 		isolated = true
 	}
 	resp := h.namingServer.UpdateInstances(ctx,
-		[]*api.Instance{&api.Instance{Id: &wrappers.StringValue{Value: instanceId}, Isolate: &wrappers.BoolValue{Value: isolated}}})
+		[]*api.Instance{{Id: &wrappers.StringValue{Value: instanceId}, Isolate: &wrappers.BoolValue{Value: isolated}}})
 	return resp.GetCode().GetValue()
 }
 

apiserver/grpcserver/client_access.go

@@ -40,32 +40,30 @@ func (g *GRPCServer) ReportClient(ctx context.Context, in *api.Client) (*api.Res
 func (g *GRPCServer) RegisterInstance(ctx context.Context, in *api.Instance) (*api.Response, error) {
 	// 需要记录操作来源，提高效率，只针对特殊接口添加operator
 	rCtx := ConvertContext(ctx)
-	operator := ParseGrpcOperator(ctx)
-	rCtx = context.WithValue(rCtx, utils.StringContext("operator"), operator)
+	rCtx = context.WithValue(rCtx, utils.StringContext("operator"), ParseGrpcOperator(ctx))
 
 	// 客户端请求中带了 token 的，优先已请求中的为准
 	if in.GetServiceToken().GetValue() != "" {
 		rCtx = context.WithValue(rCtx, utils.ContextAuthTokenKey, in.GetServiceToken().GetValue())
 	}
 
-	out := g.namingServer.CreateInstances(rCtx, []*api.Instance{in})
-	return out.Responses[0], nil
+	out := g.namingServer.RegisterInstance(rCtx, in)
+	return out, nil
 }
 
 // DeregisterInstance 反注册服务实例
 func (g *GRPCServer) DeregisterInstance(ctx context.Context, in *api.Instance) (*api.Response, error) {
 	// 需要记录操作来源，提高效率，只针对特殊接口添加operator
 	rCtx := ConvertContext(ctx)
-	operator := ParseGrpcOperator(ctx)
-	rCtx = context.WithValue(rCtx, utils.StringContext("operator"), operator)
+	rCtx = context.WithValue(rCtx, utils.StringContext("operator"), ParseGrpcOperator(ctx))
 
 	// 客户端请求中带了 token 的，优先已请求中的为准
 	if in.GetServiceToken().GetValue() != "" {
 		rCtx = context.WithValue(rCtx, utils.ContextAuthTokenKey, in.GetServiceToken().GetValue())
 	}
 
-	out := g.namingServer.DeleteInstances(rCtx, []*api.Instance{in})
-	return out.Responses[0], nil
+	out := g.namingServer.DeregisterInstance(rCtx, in)
+	return out, nil
 }
 
 // Discover 统一发现接口

apiserver/httpserver/auth.go

@@ -67,8 +67,7 @@ func (h *HTTPServer) GetAuthServer(ws *restful.WebService) error {
 func (h *HTTPServer) AuthStatus(req *restful.Request, rsp *restful.Response) {
 	handler := &Handler{req, rsp}
 
-	isOpen := h.authServer.GetAuthChecker().IsOpenAuth()
-
+	isOpen := h.authServer.GetAuthChecker().IsOpenConsoleAuth()
 	resp := api.NewResponse(api.ExecuteSuccess)
 	resp.OptionSwitch = &api.OptionSwitch{
 		Options: map[string]string{

apiserver/httpserver/naming_client_access.go

@@ -99,7 +99,7 @@ func (h *HTTPServer) RegisterInstance(req *restful.Request, rsp *restful.Respons
 		return
 	}
 
-	handler.WriteHeaderAndProto(h.namingServer.CreateInstances(ctx, []*api.Instance{instance}))
+	handler.WriteHeaderAndProto(h.namingServer.RegisterInstance(ctx, instance))
 }
 
 // DeregisterInstance 反注册服务实例
@@ -113,7 +113,7 @@ func (h *HTTPServer) DeregisterInstance(req *restful.Request, rsp *restful.Respo
 		return
 	}
 
-	handler.WriteHeaderAndProto(h.namingServer.DeleteInstances(ctx, []*api.Instance{instance}))
+	handler.WriteHeaderAndProto(h.namingServer.DeregisterInstance(ctx, instance))
 }
 
 // Discover 统一发现接口

apiserver/httpserver/naming_console_access.go

@@ -180,7 +180,7 @@ func (h *HTTPServer) CreateNamespaces(req *restful.Request, rsp *restful.Respons
 		return
 	}
 
-	handler.WriteHeaderAndProto(h.namingServer.CreateNamespaces(ctx, namespaces))
+	handler.WriteHeaderAndProto(h.namespaceServer.CreateNamespaces(ctx, namespaces))
 }
 
 // DeleteNamespaces 删除命名空间
@@ -198,7 +198,7 @@ func (h *HTTPServer) DeleteNamespaces(req *restful.Request, rsp *restful.Respons
 		return
 	}
 
-	ret := h.namingServer.DeleteNamespaces(ctx, namespaces)
+	ret := h.namespaceServer.DeleteNamespaces(ctx, namespaces)
 	if code := api.CalcCode(ret); code != http.StatusOK {
 		handler.WriteHeaderAndProto(ret)
 		return
@@ -222,7 +222,7 @@ func (h *HTTPServer) UpdateNamespaces(req *restful.Request, rsp *restful.Respons
 		return
 	}
 
-	ret := h.namingServer.UpdateNamespaces(ctx, namespaces)
+	ret := h.namespaceServer.UpdateNamespaces(ctx, namespaces)
 	if code := api.CalcCode(ret); code != http.StatusOK {
 		handler.WriteHeaderAndProto(ret)
 		return
@@ -235,7 +235,7 @@ func (h *HTTPServer) UpdateNamespaces(req *restful.Request, rsp *restful.Respons
 func (h *HTTPServer) GetNamespaces(req *restful.Request, rsp *restful.Response) {
 	handler := &Handler{req, rsp}
 
-	ret := h.namingServer.GetNamespaces(handler.ParseHeaderContext(), req.Request.URL.Query())
+	ret := h.namespaceServer.GetNamespaces(handler.ParseHeaderContext(), req.Request.URL.Query())
 	handler.WriteHeaderAndProto(ret)
 }
 
@@ -252,7 +252,7 @@ func (h *HTTPServer) GetNamespaceToken(req *restful.Request, rsp *restful.Respon
 		Token: utils.NewStringValue(queryParams["token"]),
 	}
 
-	ret := h.namingServer.GetNamespaceToken(ctx, namespace)
+	ret := h.namespaceServer.GetNamespaceToken(ctx, namespace)
 	handler.WriteHeaderAndProto(ret)
 }
 
@@ -267,7 +267,7 @@ func (h *HTTPServer) UpdateNamespaceToken(req *restful.Request, rsp *restful.Res
 		return
 	}
 
-	ret := h.namingServer.UpdateNamespaceToken(ctx, &namespace)
+	ret := h.namespaceServer.UpdateNamespaceToken(ctx, &namespace)
 	handler.WriteHeaderAndProto(ret)
 }
 

apiserver/httpserver/server.go

@@ -37,6 +37,7 @@ import (
 	"github.com/polarismesh/polaris-server/common/connlimit"
 	"github.com/polarismesh/polaris-server/common/utils"
 	"github.com/polarismesh/polaris-server/config"
+	"github.com/polarismesh/polaris-server/namespace"
 	"github.com/polarismesh/polaris-server/plugin"
 	"github.com/polarismesh/polaris-server/plugin/statis/local"
 	"github.com/polarismesh/polaris-server/service"
@@ -59,6 +60,7 @@ type HTTPServer struct {
 	freeMemMu *sync.Mutex
 
 	server            *http.Server
+	namespaceServer   namespace.NamespaceOperateServer
 	namingServer      service.DiscoverServer
 	configServer      *config.Server
 	healthCheckServer *healthcheck.Server
@@ -126,6 +128,15 @@ func (h *HTTPServer) Run(errCh chan error) {
 	}()
 
 	var err error
+
+	// 引入命名空间模块
+	h.namespaceServer, err = namespace.GetServer()
+	if err != nil {
+		log.Errorf("%v", err)
+		errCh <- err
+		return
+	}
+
 	// 引入功能模块和插件
 	h.namingServer, err = service.GetServer()
 	if err != nil {

apiserver/xdsserverv3/server.go

@@ -60,6 +60,7 @@ import (
 	api "github.com/polarismesh/polaris-server/common/api/v1"
 	"github.com/polarismesh/polaris-server/common/connlimit"
 	"github.com/polarismesh/polaris-server/common/model"
+	"github.com/polarismesh/polaris-server/namespace"
 	"github.com/polarismesh/polaris-server/service"
 )
 
@@ -673,12 +674,12 @@ func (x *XDSServer) getRegistryInfoWithCache(ctx context.Context, registryInfo m
 
 func (x *XDSServer) initRegistryInfo() error {
 
-	namingServer, err := service.GetOriginServer()
+	namespaceServer, err := namespace.GetOriginServer()
 	if err != nil {
 		return err
 	}
 
-	resp := namingServer.GetNamespaces(context.Background(), make(map[string][]string))
+	resp := namespaceServer.GetNamespaces(context.Background(), make(map[string][]string))
 	if resp.Code.Value != api.ExecuteSuccess {
 		return fmt.Errorf("error to init registry info %s", resp.Code)
 	}

auth/api.go

@@ -55,18 +55,18 @@ type AuthServer interface {
 
 // AuthChecker 权限管理通用接口定义
 type AuthChecker interface {
-
 	// Initialize 执行初始化动作
 	Initialize(options *Config, cacheMgn *cache.NamingCache) error
-
 	// VerifyToken 验证令牌
 	VerifyCredential(preCtx *model.AcquireContext) error
-
-	// CheckPermission 执行检查动作判断是否有权限，并且将 RequestContext 进行插入一些新的数据
-	CheckPermission(preCtx *model.AcquireContext) (bool, error)
-
-	// IsOpenAuth 返回是否开启了操作鉴权，可以用于前端查询
-	IsOpenAuth() bool
+	// CheckClientPermission 执行检查客户端动作判断是否有权限，并且对 RequestContext 注入操作者数据
+	CheckClientPermission(preCtx *model.AcquireContext) (bool, error)
+	// CheckConsolePermission 执行检查控制台动作判断是否有权限，并且对 RequestContext 注入操作者数据
+	CheckConsolePermission(preCtx *model.AcquireContext) (bool, error)
+	// IsOpenConsoleAuth 返回是否开启了操作鉴权，可以用于前端查询
+	IsOpenConsoleAuth() bool
+	// IsOpenClientAuth
+	IsOpenClientAuth() bool
 }
 
 // UserOperator 用户数据管理 server