
1use std::fmt::Debug;
2use std::sync::Mutex;
3
4use bios_sdk_invoke::invoke_config::InvokeConfig;
5use lazy_static::lazy_static;
6use serde::{Deserialize, Serialize};
7use tardis::basic::error::TardisError;
8
9use tardis::basic::result::TardisResult;
10use tardis::TardisFunsInst;
11
12use bios_basic::rbum::rbum_config::RbumConfig;
13use tardis::web::poem::http::HeaderName;
14
/// Top-level configuration of the IAM service.
///
/// Every field has a compiled-in default (see `impl Default for IamConfig`),
/// and `#[serde(default)]` lets a deployment override only the keys it cares
/// about. Cache-key fields whose name ends in `_` are *prefixes* that callers
/// complete with an id (their defaults end in `:`); the others are complete
/// keys — except `cache_key_double_auth_info`, whose default is also written
/// as a prefix.
///
/// NOTE(review): `Debug` is derived and the struct embeds `IamLdapConfig`,
/// so formatting an `IamConfig` with `{:?}` prints the LDAP bind password.
#[derive(Debug, Serialize, Deserialize, Clone)]
#[serde(default)]
pub struct IamConfig {
    /// Shared `RbumConfig` from `bios_basic`.
    pub rbum: RbumConfig,
    /// Flag read by other modules; its effect is not visible in this file.
    pub in_event: bool,
    /// Outbound-call configuration from `bios_sdk_invoke`.
    pub invoke: InvokeConfig,
    /// Prefix: `<token>` -> (token_kind, account_id).
    /// For an access token with token_kind = TokenOauth2 the value is
    /// (token_kind, rel_iam_item_id, ak, SetCateIds).
    /// Layout per the original comment; confirm against the cache writer.
    pub cache_key_token_info_: String,
    /// Prefix: `<ak>` -> (sk, tenant_id, [appid]).
    /// NOTE(review): per this layout the secret key is cached next to the
    /// access key, so read access to the cache is equivalent to holding every
    /// sk — keep the cache authenticated and network-isolated.
    pub cache_key_aksk_info_: String,
    /// Prefix: `<account_id>` -> [token, (token_kind, add_time)].
    pub cache_key_account_rel_: String,
    /// Prefix: `<account_id>` -> {
    ///     `_`: system or tenant context,
    ///     `<app_id>`: app context,
    ///     `is_global` (bool): whether the account is global
    /// }
    pub cache_key_account_info_: String,
    /// Prefix: `<role_id>` -> iam_role.
    pub cache_key_role_info_: String,
    /// Completed with `<account_id>` by the caller (see `Default`); presumably
    /// holds the second-factor ("double auth") state — confirm in the user.
    pub cache_key_double_auth_info: String,
    /// Expiry, in seconds, presumably applied to `cache_key_double_auth_info`
    /// entries (default 300).
    pub cache_key_double_auth_expire_sec: usize,
    /// Single key (no trailing `:`) -> [res_uri##action,
    /// {st, et, accounts, roles, groups, apps, tenants}] (per original comment).
    pub cache_key_res_info: String,
    /// Prefix: `<time_stamp>` -> res_uri##action — a change log for
    /// `cache_key_res_info`.
    pub cache_key_res_changed_info_: String,
    /// Expiry, in seconds, presumably applied to `cache_key_res_changed_info_`
    /// entries (default 300).
    pub cache_key_res_changed_expire_sec: usize,
    /// Key holding the status of asynchronous tasks.
    pub cache_key_async_task_status: String,
    /// Key holding the status of the LDAP sync job.
    pub cache_key_sync_ldap_status: String,
    /// Key used as the lock for the LDAP sync job (default value names a taskId).
    pub cache_key_sync_ldap_task_lock: String,
    /// Prefix of gateway plugin rule entries (default `sg:plugin:`).
    pub cache_key_gateway_rule_info_: String,
    // Mail templates. `{account_name}`, `{vcode}` and `{pwd}` are substituted
    // by the sender, not here. `{account_name}` is user-chosen text: escape it
    // if the mail body is ever rendered as HTML.
    pub mail_template_cert_activate_title: String,
    pub mail_template_cert_activate_content: String,
    pub mail_template_cert_login_title: String,
    pub mail_template_cert_login_content: String,
    pub mail_template_cert_random_pwd_title: String,
    pub mail_template_cert_random_pwd_content: String,
    // Deprecated phone (SMS) templates — original author's "TODO remove?".
    // They are still initialised by `Default`; see that impl for a note on
    // the login title/content defaults.
    //TODO remove?
    #[deprecated]
    pub phone_template_cert_activate_title: String,
    #[deprecated]
    pub phone_template_cert_activate_content: String,
    #[deprecated]
    pub phone_template_cert_login_title: String,
    #[deprecated]
    pub phone_template_cert_login_content: String,
    /// Verification-code cool-down in seconds (name suggests "cd" = cool-down;
    /// confirm). Default is `iam_constants::DEFAULT_V_CODE_CD_IN_SEC`.
    pub vcode_cd_in_sec: u32,
    /// Base URL of the SMS ("reach") service.
    pub sms_base_url: String,
    /// Path under `sms_base_url` for verification-code messages.
    pub sms_path: String,
    /// Path under `sms_base_url` for password messages.
    pub sms_pwd_path: String,
    /// Key under which the third-party integration config is stored.
    pub third_integration_config_key: String,
    /// Schedule code of the third-party integration job.
    pub third_integration_schedule_code: String,
    /// Path of the JSON file used to seed the initial menu.
    pub init_menu_json_path: String,
    /// LDAP connection settings (contains a credential).
    pub ldap: IamLdapConfig,

    /// Endpoints and key prefixes of the SPI services.
    pub spi: IamSpiConfig,
    /// Base URL of this IAM service.
    pub iam_base_url: String,
    /// Consumed elsewhere; what it tightens is not visible here. Default false.
    pub strict_security_mode: bool,
    /// Crypto header name and auth service URL.
    pub crypto_conf: CryptoConf,

    /// Gateway OpenAPI path (default `/op-api`).
    pub gateway_openapi_path: String,
}
78
/// Connection settings for the LDAP directory used by the IAM LDAP
/// integration (the `cache_key_sync_ldap_*` keys on `IamConfig` suggest a
/// sync job).
///
/// NOTE(review): `Debug` is derived, so `bind_password` is printed verbatim
/// whenever this struct (or the enclosing `IamConfig`) is formatted with
/// `{:?}`, e.g. in a startup log line. A manual `Debug` impl that redacts the
/// password would keep it out of logs.
#[derive(Debug, Serialize, Deserialize, Clone)]
#[serde(default)]
pub struct IamLdapConfig {
    /// TCP port of the LDAP server (default 10389). The host is not part of
    /// this struct — presumably fixed elsewhere; confirm.
    pub port: u16,
    /// Base DC component (default `bios`).
    pub dc: String,
    /// DN of the service account used to bind.
    pub bind_dn: String,
    /// Password for `bind_dn`. Must be supplied by deployment config; the
    /// compiled-in default (see `Default`) is a placeholder and must not be
    /// used outside local development.
    pub bind_password: String,
}
87
// Development defaults for the LDAP connection.
//
// SECURITY NOTE(review): `bind_password` ships with a literal credential.
// Because `IamLdapConfig` is `#[serde(default)]`, a deployment that forgets
// to set `ldap.bind_password` silently binds with this well-known value.
// Treat it as a dev-only placeholder: override it in every real environment
// and consider refusing to start when the default is still in place.
impl Default for IamLdapConfig {
    fn default() -> Self {
        Self {
            port: 10389,
            dc: String::from("bios"),
            bind_dn: String::from("CN=ldapadmin,DC=bios"),
            bind_password: String::from("KDi234!ds"),
        }
    }
}
98
/// Endpoints and key prefixes of the SPI services IAM talks to
/// (schedule, search, log, kv).
///
/// All fields have defaults and `#[serde(default)]` allows partial overrides.
#[derive(Debug, Serialize, Deserialize, Clone)]
#[serde(default)]
pub struct IamSpiConfig {
    /// Base URL of the schedule service.
    pub schedule_url: String,
    /// Base URL of the search service.
    pub search_url: String,
    /// Base URL of the log service.
    pub log_url: String,
    /// Search tag under which accounts are indexed (default `iam_account`).
    pub search_account_tag: String,
    /// Prefix for organisation statistics (default `iam_orgs`).
    pub stats_orgs_prefix: String,
    /// Base URL of the key-value service.
    pub kv_url: String,
    /// KV key prefix for tenants.
    pub kv_tenant_prefix: String,
    /// KV key prefix for accounts.
    pub kv_account_prefix: String,
    /// KV key prefix for a single app.
    pub kv_app_prefix: String,
    /// KV key prefix for app collections.
    pub kv_apps_prefix: String,
    /// KV key prefix for organisations.
    pub kv_orgs_prefix: String,
    /// KV key prefix for roles.
    pub kv_role_prefix: String,
    /// KV key prefix for API call counters.
    pub kv_api_call_count_prefix: String,

    /// Owner identity used when calling the SPI services; empty by default,
    /// so its meaning when unset is decided by the callers.
    pub owner: String,
}
// Defaults for the SPI endpoints: every service is assumed to sit on the
// local loopback behind one port over plain http (development only), and
// `owner` is left empty.
impl Default for IamSpiConfig {
    fn default() -> Self {
        Self {
            schedule_url: String::from("http://127.0.0.1:8080/schedule"),
            search_url: String::from("http://127.0.0.1:8080/spi-search"),
            log_url: String::from("http://127.0.0.1:8080/spi-log"),
            search_account_tag: String::from("iam_account"),
            stats_orgs_prefix: String::from("iam_orgs"),
            kv_url: String::from("http://127.0.0.1:8080/spi-kv"),
            kv_tenant_prefix: String::from("iam_tenant"),
            kv_account_prefix: String::from("iam_account"),
            kv_app_prefix: String::from("iam_app"),
            kv_apps_prefix: String::from("iam_apps"),
            kv_orgs_prefix: String::from("iam_orgs"),
            kv_role_prefix: String::from("iam_role"),
            kv_api_call_count_prefix: String::from("api_call_count"),
            owner: String::new(),
        }
    }
}
138
// Built-in defaults for the IAM service. Deployments override individual keys
// via `#[serde(default)]`; everything below is only appropriate for a local,
// single-host development setup (plain-http loopback URLs, dev LDAP
// credentials). Fields are listed in declaration order.
//
// NOTE(review): the two deprecated phone login templates look swapped —
// `phone_template_cert_login_title` holds what reads as body text and
// `phone_template_cert_login_content` holds the *activation* title. They are
// reproduced verbatim here (deprecated, "TODO remove?"); fix or delete them
// rather than relying on them.
impl Default for IamConfig {
    fn default() -> Self {
        Self {
            rbum: RbumConfig::default(),
            in_event: false,
            invoke: InvokeConfig::default(),
            // Key prefixes: callers append the id they look up.
            cache_key_token_info_: "iam:cache:token:info:".into(),
            cache_key_aksk_info_: "iam:cache:aksk:info:".into(),
            cache_key_account_rel_: "iam:cache:account:rel:".into(),
            cache_key_account_info_: "iam:cache:account:info:".into(),
            cache_key_role_info_: "iam:cache:role:info:".into(),
            // Completed with `<account_id>` by the caller.
            cache_key_double_auth_info: "iam:cache:double_auth:info:".into(),
            cache_key_double_auth_expire_sec: 300,
            // Single key, not a prefix (no trailing `:`).
            cache_key_res_info: "iam:res:info".into(),
            cache_key_res_changed_info_: "iam:res:changed:info:".into(),
            cache_key_res_changed_expire_sec: 300,
            cache_key_async_task_status: "iam:cache:task:status".into(),
            cache_key_sync_ldap_status: "iam:cache:sync:ldap:status".into(),
            cache_key_sync_ldap_task_lock: "iam:cache:sync:ldap:taskId".into(),
            cache_key_gateway_rule_info_: "sg:plugin:".into(),
            // Mail templates; `{account_name}`, `{vcode}` and `{pwd}` are
            // substituted by the sender, not in this file.
            mail_template_cert_activate_title: "IAM Service Mail Credentials Activation".into(),
            mail_template_cert_activate_content: "Your account [{account_name}] is activating email credentials, verification code: {vcode}".into(),
            mail_template_cert_login_title: "IAM Service Mail login verification".into(),
            mail_template_cert_login_content: "Your account is trying to login, verification code: {vcode}".into(),
            mail_template_cert_random_pwd_title: "IAM Service Mail password verification".into(),
            mail_template_cert_random_pwd_content: "Your account has just been created, verification password: {pwd}".into(),
            // Deprecated phone templates, kept byte-for-byte (see note above the impl).
            phone_template_cert_activate_title: "IAM Service Phone Credentials Activation".into(),
            phone_template_cert_activate_content: "Your account [{account_name}] is activating phone credentials, verification code: {vcode}".into(),
            phone_template_cert_login_title: "Your account is trying to login, verification code: {vcode}".into(),
            phone_template_cert_login_content: "IAM Service Phone Credentials Activation".into(),
            vcode_cd_in_sec: crate::iam_constants::DEFAULT_V_CODE_CD_IN_SEC,
            sms_base_url: "http://reach:8080".into(),
            sms_path: "cc/msg/vcode".into(),
            sms_pwd_path: "cc/msg/pwd".into(),
            third_integration_config_key: "iam:third:integration:config:key".into(),
            third_integration_schedule_code: "iam:third:integration".into(),
            init_menu_json_path: "config/init-menu-default.json".into(),
            ldap: IamLdapConfig::default(),
            spi: IamSpiConfig::default(),
            iam_base_url: "http://127.0.0.1:8080/iam".into(),
            strict_security_mode: false,
            crypto_conf: CryptoConf::default(),
            gateway_openapi_path: "/op-api".into(),
        }
    }
}
186
/// Settings for the crypto/auth integration: the HTTP header name it uses and
/// the auth service URL.
///
/// NOTE: unlike the other config structs in this file, this one has no
/// `#[serde(default)]`. A missing `crypto_conf` section falls back to
/// `CryptoConf::default()` via `IamConfig`'s own default, but once the
/// section is present both fields must be supplied.
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct CryptoConf {
    /// Name of the HTTP header used by the crypto integration. Parsed into a
    /// typed `HeaderName` by `get_crypto_header_name`; an illegal header-name
    /// token is reported as a configuration error there.
    pub head_key_crypto: String,
    /// Base URL of the auth service (default: plain http on loopback).
    pub auth_url: String,
}
impl CryptoConf {
    /// Validate `head_key_crypto` and convert it into a typed `HeaderName`.
    ///
    /// # Errors
    /// Returns a `500-config-parse-error` `TardisError` when the configured
    /// string is not a legal HTTP header-name token, so a bad config value
    /// surfaces as an explicit error instead of a panic at the use site.
    pub fn get_crypto_header_name(&self) -> TardisResult<HeaderName> {
        let parsed = self.head_key_crypto.parse::<HeaderName>();
        parsed.map_err(|err| {
            let msg = format!("[Iam] head_key_crypto config error,can't be HeaderName: {err}");
            TardisError::custom("500", &msg, "500-config-parse-error")
        })
    }
}
198
// Development defaults: header `Bios-Crypto` and an auth service on the local
// loopback over plain http.
impl Default for CryptoConf {
    fn default() -> Self {
        Self {
            head_key_crypto: String::from("Bios-Crypto"),
            auth_url: String::from("http://127.0.0.1:8080/auth"),
        }
    }
}
207
/// Identifiers of the bootstrap records (kinds, the IAM domain and the
/// built-in roles) that the rest of the service resolves at startup.
///
/// Stored process-wide through `IamBasicInfoManager::set` and read back via
/// the `IamBasicConfigApi` accessors. Who populates it is not visible in
/// this file.
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct BasicInfo {
    /// Id of the tenant kind record.
    pub kind_tenant_id: String,
    /// Id of the app kind record.
    pub kind_app_id: String,
    /// Id of the account kind record.
    pub kind_account_id: String,
    /// Id of the role kind record.
    pub kind_role_id: String,
    /// Id of the resource kind record.
    pub kind_res_id: String,
    /// Id of the IAM domain record.
    pub domain_iam_id: String,
    /// Id of the built-in system administrator role.
    pub role_sys_admin_id: String,
    /// Id of the built-in tenant administrator role.
    pub role_tenant_admin_id: String,
    /// Id of the built-in tenant auditor role.
    pub role_tenant_audit_id: String,
    /// Id of the built-in app administrator role.
    pub role_app_admin_id: String,
}
221
// Process-wide slot for the bootstrap ids: `None` until
// `IamBasicInfoManager::set` runs. Guarded by a std `Mutex`, so holders must
// not `.await` while the guard is alive.
lazy_static! {
    static ref BASIC_INFO: Mutex<Option<BasicInfo>> = Mutex::new(None);
}
225
226pub struct IamBasicInfoManager;
227
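impl IamBasicInfoManager {
    /// Publish the bootstrap identifiers for the whole process.
    ///
    /// Replaces any previously stored `BasicInfo`. Expected to run once
    /// during initialisation, before any code path calls `get_config`.
    ///
    /// # Errors
    /// Returns an internal error if the global mutex is poisoned (a previous
    /// holder panicked); the stored value is left untouched in that case.
    pub fn set(basic_info: BasicInfo) -> TardisResult<()> {
        let mut slot = BASIC_INFO.lock().map_err(|e| TardisError::internal_error(&format!("{e:?}"), ""))?;
        *slot = Some(basic_info);
        Ok(())
    }

    /// Run `fun` against the stored `BasicInfo` and return its result.
    ///
    /// The closure is invoked exactly once while the global lock is held, so
    /// keep it short and never call back into this manager from inside it.
    /// The bound is `FnOnce` (a superset of the former `Fn` bound, so every
    /// existing caller still compiles) which also lets a closure move
    /// captured values out.
    ///
    /// # Panics
    /// Panics if the mutex is poisoned or if `set` has not been called yet:
    /// a misconfigured process fails loudly rather than serving requests with
    /// missing bootstrap identifiers.
    pub fn get_config<F, T>(fun: F) -> T
    where
        F: FnOnce(&BasicInfo) -> T,
    {
        let guard = BASIC_INFO.lock().unwrap_or_else(|e| panic!("iam basic info lock error: {e:?}"));
        let info = guard.as_ref().unwrap_or_else(|| panic!("iam basic info not set"));
        fun(info)
    }
}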
244
/// Convenience accessors over the bootstrap `BasicInfo` ids.
///
/// Implemented for `TardisFunsInst` below so the ids are reachable wherever a
/// `funs` handle is available. Every method returns an owned `String` clone;
/// the provided impl panics if `IamBasicInfoManager::set` has not run yet
/// (see `IamBasicInfoManager::get_config`).
pub trait IamBasicConfigApi {
    /// `BasicInfo::kind_tenant_id`.
    fn iam_basic_kind_tenant_id(&self) -> String;
    /// `BasicInfo::kind_app_id`.
    fn iam_basic_kind_app_id(&self) -> String;
    /// `BasicInfo::kind_account_id`.
    fn iam_basic_kind_account_id(&self) -> String;
    /// `BasicInfo::kind_role_id`.
    fn iam_basic_kind_role_id(&self) -> String;
    /// `BasicInfo::kind_res_id`.
    fn iam_basic_kind_res_id(&self) -> String;
    /// `BasicInfo::domain_iam_id`.
    fn iam_basic_domain_iam_id(&self) -> String;
    /// `BasicInfo::role_sys_admin_id`.
    fn iam_basic_role_sys_admin_id(&self) -> String;
    /// `BasicInfo::role_tenant_admin_id`.
    fn iam_basic_role_tenant_admin_id(&self) -> String;
    /// `BasicInfo::role_tenant_audit_id`.
    fn iam_basic_role_tenant_audit_id(&self) -> String;
    /// `BasicInfo::role_app_admin_id`.
    fn iam_basic_role_app_admin_id(&self) -> String;
}
257
// Expose the bootstrap ids through `TardisFunsInst` so request code can write
// `funs.iam_basic_role_sys_admin_id()` instead of touching the manager
// directly. Each accessor copies the id out from under the global lock; none
// of them reads anything from `self`, and all of them panic if the info has
// not been set (see `IamBasicInfoManager::get_config`).
impl IamBasicConfigApi for TardisFunsInst {
    fn iam_basic_kind_tenant_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.kind_tenant_id.to_owned())
    }

    fn iam_basic_kind_app_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.kind_app_id.to_owned())
    }

    fn iam_basic_kind_account_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.kind_account_id.to_owned())
    }

    fn iam_basic_kind_role_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.kind_role_id.to_owned())
    }

    fn iam_basic_kind_res_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.kind_res_id.to_owned())
    }

    fn iam_basic_domain_iam_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.domain_iam_id.to_owned())
    }

    fn iam_basic_role_sys_admin_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.role_sys_admin_id.to_owned())
    }

    fn iam_basic_role_tenant_admin_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.role_tenant_admin_id.to_owned())
    }

    fn iam_basic_role_tenant_audit_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.role_tenant_audit_id.to_owned())
    }

    fn iam_basic_role_app_admin_id(&self) -> String {
        IamBasicInfoManager::get_config(|info| info.role_app_admin_id.to_owned())
    }
}