From b86e773d78a02b741723665a211014d60841cd3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B1=88=E8=BD=A9?=
Date: Fri, 17 Jan 2025 20:54:11 +0800
Subject: [PATCH] fix(apigateway): add scopedpolicybindings api (#21989)

---
 pkg/apigateway/handler/auth.go | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/pkg/apigateway/handler/auth.go b/pkg/apigateway/handler/auth.go
index 3b3e1588403..2711c9ffa29 100644
--- a/pkg/apigateway/handler/auth.go
+++ b/pkg/apigateway/handler/auth.go
@@ -16,6 +16,7 @@ package handler
 
 import (
 "context"
+ "crypto/md5"
 "encoding/base64"
 "fmt"
 "net/http"
@@ -43,6 +44,8 @@ import (
 compute_modules "yunion.io/x/onecloud/pkg/mcclient/modules/compute"
 modules "yunion.io/x/onecloud/pkg/mcclient/modules/identity"
 "yunion.io/x/onecloud/pkg/mcclient/modules/notify"
+ "yunion.io/x/onecloud/pkg/mcclient/modules/yunionconf"
+ "yunion.io/x/onecloud/pkg/util/hashcache"
 "yunion.io/x/onecloud/pkg/util/logclient"
 "yunion.io/x/onecloud/pkg/util/netutils2"
 "yunion.io/x/onecloud/pkg/util/seclib2"
@@ -74,6 +77,7 @@ func (h *AuthHandlers) AddMethods() {
 NewHP(h.handleSsoLogin, "ssologin"),
 NewHP(h.handleIdpInitSsoLogin, "ssologin", ""),
 NewHP(h.postLogoutHandler, "logout"),
+ NewHP(h.getScopedPolicyBindings, "scopedpolicybindings"),
 // oidc auth
 NewHP(handleOIDCAuth, "oidc", "auth"),
 NewHP(handleOIDCConfiguration, "oidc", ".well-known", "openid-configuration"),
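Review bot: `crypto/md5` is imported only to derive the cache key in getScopedPolicyBindings (last hunk of this patch), and the bytes being hashed there are the request's query parameters, which the caller chooses. MD5 collisions are cheap to construct, so two different queries can be made to land on the same cache entry; the practical impact is probably small, but nothing here needs MD5 specifically. Importing `crypto/sha256` instead and writing `hash := fmt.Sprintf("%x", sha256.Sum256([]byte(params.String())))` removes the question and keeps linters such as gosec from flagging the file.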
@@ -212,6 +216,28 @@ func (h *AuthHandlers) getRegions(ctx context.Context, w http.ResponseWriter, re
 appsrv.SendJSON(w, jsonutils.Marshal(resp))
 }
 
+var (
+ bindingCache = hashcache.NewCache(1024, time.Minute)
+)
+
+func (h *AuthHandlers) getScopedPolicyBindings(ctx context.Context, w http.ResponseWriter, req *http.Request) {
+ _, params, _ := appsrv.FetchEnv(ctx, w, req)
+ hash := fmt.Sprintf("%x", md5.Sum([]byte(params.String())))
+ cache := bindingCache.Get(hash)
+ if cache != nil {
+ appsrv.SendJSON(w, jsonutils.Marshal(cache))
+ return
+ }
+ s := auth.GetAdminSession(ctx, options.Options.Region)
+ resp, err := yunionconf.ScopedPolicyBindings.List(s, params)
+ if err != nil {
+ httperrors.GeneralServerError(ctx, w, err)
+ return
+ }
+ bindingCache.AtomicSet(hash, resp)
+ appsrv.SendJSON(w, jsonutils.Marshal(resp))
+}
+
 func (h *AuthHandlers) getUser(ctx context.Context, w http.ResponseWriter, req *http.Request) {
 data, err := getUserInfo(ctx, req)
 if err != nil {
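Review bot: getScopedPolicyBindings hands the caller's query (`params`) unchanged to `yunionconf.ScopedPolicyBindings.List` on `auth.GetAdminSession`, and nothing in the hunk checks who the caller is, so the response is whatever the admin identity can list under filters the caller picked. Whether the route registered in AddMethods sits behind an authentication wrapper is not visible in this patch; if it does not, the handler should either run the List on a session built from the caller's own token or copy only the filter keys the UI needs into a fresh params object before the call. The cache widens the same exposure: its key derives only from `params`, so one caller's cached response is served to anyone sending the same query, and every distinct query costs a backend call made with admin rights. At minimum I would add a comment above the handler, `// Served with the admin session; params are untrusted request input and must stay limited to read-only filters.`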