From c88687b0334614f87c8db2653dcb19d58dd5c7ac Mon Sep 17 00:00:00 2001 From: Bobo Date: Mon, 9 Jun 2025 15:56:09 +0800 Subject: [PATCH] feat: config. --- api/gen/go/conf/v1/kratos_conf_authn.pb.go | 209 +++++++-- api/gen/go/conf/v1/kratos_conf_authz.pb.go | 509 ++++++++++++++++++++- api/protos/conf/v1/kratos_conf_authn.proto | 15 +- api/protos/conf/v1/kratos_conf_authz.proto | 42 ++ tag.bat | 2 +- 5 files changed, 726 insertions(+), 51 deletions(-) diff --git a/api/gen/go/conf/v1/kratos_conf_authn.pb.go b/api/gen/go/conf/v1/kratos_conf_authn.pb.go index ecabeae..781ba3b 100644 --- a/api/gen/go/conf/v1/kratos_conf_authn.pb.go +++ b/api/gen/go/conf/v1/kratos_conf_authn.pb.go @@ -24,8 +24,11 @@ const ( // 认证 type Authentication struct { - state protoimpl.MessageState `protogen:"open.v1"` - Jwt *Authentication_Jwt `protobuf:"bytes,1,opt,name=jwt,proto3,oneof" json:"jwt,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + Jwt *Authentication_Jwt `protobuf:"bytes,2,opt,name=jwt,proto3,oneof" json:"jwt,omitempty"` // JWT 认证 + Oidc *Authentication_OIDC `protobuf:"bytes,3,opt,name=oidc,proto3,oneof" json:"oidc,omitempty"` // OIDC + PresharedKey *Authentication_PresharedKey `protobuf:"bytes,4,opt,name=preshared_key,json=presharedKey,proto3,oneof" json:"preshared_key,omitempty"` // 预共享密钥 unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -60,6 +63,13 @@ func (*Authentication) Descriptor() ([]byte, []int) { return file_conf_v1_kratos_conf_authn_proto_rawDescGZIP(), []int{0} } +func (x *Authentication) GetType() string { + if x != nil { + return x.Type + } + return "" +} + func (x *Authentication) GetJwt() *Authentication_Jwt { if x != nil { return x.Jwt 
@@ -67,6 +77,20 @@ func (x *Authentication) GetJwt() *Authentication_Jwt { return nil } +func (x *Authentication) GetOidc() *Authentication_OIDC { + if x != nil { + return x.Oidc + } + return nil +} + +func (x *Authentication) GetPresharedKey() *Authentication_PresharedKey { + if x != nil { + return x.PresharedKey + } + return nil +} + // JWT type Authentication_Jwt struct { state protoimpl.MessageState `protogen:"open.v1"` 
@@ -120,6 +144,110 @@ func (x *Authentication_Jwt) GetKey() string { return "" } +type Authentication_OIDC struct { + state protoimpl.MessageState `protogen:"open.v1"` + IssuerUrl string `protobuf:"bytes,1,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"` + Audience string `protobuf:"bytes,2,opt,name=audience,proto3" json:"audience,omitempty"` + Method string `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` // JWT签名的算法,支持算法:HS256 + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Authentication_OIDC) Reset() { + *x = Authentication_OIDC{} + mi := &file_conf_v1_kratos_conf_authn_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Authentication_OIDC) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authentication_OIDC) ProtoMessage() {} + +func (x *Authentication_OIDC) ProtoReflect() protoreflect.Message { + mi := &file_conf_v1_kratos_conf_authn_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authentication_OIDC.ProtoReflect.Descriptor instead. 
+func (*Authentication_OIDC) Descriptor() ([]byte, []int) { + return file_conf_v1_kratos_conf_authn_proto_rawDescGZIP(), []int{0, 1} +} + +func (x *Authentication_OIDC) GetIssuerUrl() string { + if x != nil { + return x.IssuerUrl + } + return "" +} + +func (x *Authentication_OIDC) GetAudience() string { + if x != nil { + return x.Audience + } + return "" +} + +func (x *Authentication_OIDC) GetMethod() string { + if x != nil { + return x.Method + } + return "" +} + +type Authentication_PresharedKey struct { + state protoimpl.MessageState `protogen:"open.v1"` + ValidKeys []string `protobuf:"bytes,1,rep,name=valid_keys,json=validKeys,proto3" json:"valid_keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Authentication_PresharedKey) Reset() { + *x = Authentication_PresharedKey{} + mi := &file_conf_v1_kratos_conf_authn_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Authentication_PresharedKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authentication_PresharedKey) ProtoMessage() {} + +func (x *Authentication_PresharedKey) ProtoReflect() protoreflect.Message { + mi := &file_conf_v1_kratos_conf_authn_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authentication_PresharedKey.ProtoReflect.Descriptor instead. +func (*Authentication_PresharedKey) Descriptor() ([]byte, []int) { + return file_conf_v1_kratos_conf_authn_proto_rawDescGZIP(), []int{0, 2} +} + +func (x *Authentication_PresharedKey) GetValidKeys() []string { + if x != nil { + return x.ValidKeys + } + return nil +} + var File_conf_v1_kratos_conf_authn_proto protoreflect.FileDescriptor var file_conf_v1_kratos_conf_authn_proto_rawDesc = string([]byte{ 
@@ -127,24 +255,43 @@ var file_conf_v1_kratos_conf_authn_proto_rawDesc = string([]byte{ 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7a, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, 0x65, - 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x0a, 0x03, 0x6a, 0x77, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, - 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4a, 0x77, 0x74, - 0x48, 0x00, 0x52, 0x03, 0x6a, 0x77, 0x74, 0x88, 0x01, 0x01, 0x1a, 0x2f, 0x0a, 0x03, 0x4a, 0x77, - 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x42, 0x06, 0x0a, 0x04, 0x5f, - 0x6a, 0x77, 0x74, 0x42, 0x86, 0x01, 0x0a, 0x08, 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, - 0x42, 0x14, 0x4b, 0x72, 0x61, 0x74, 0x6f, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x41, 0x75, 0x74, 0x68, - 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x78, 0x37, 0x64, 0x6f, 0x2f, 0x6b, 0x72, 0x61, 0x74, 0x6f, - 0x73, 0x2d, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x2f, 0x76, 0x31, 0xa2, 0x02, - 0x03, 0x43, 0x58, 0x58, 0xaa, 0x02, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0xca, 0x02, 0x04, 0x43, 0x6f, - 0x6e, 0x66, 0xe2, 0x02, 0x10, 0x43, 0x6f, 0x6e, 0x66, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x04, 0x43, 
0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb4, 0x03, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, + 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2f, + 0x0a, 0x03, 0x6a, 0x77, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x2e, 0x4a, 0x77, 0x74, 0x48, 0x00, 0x52, 0x03, 0x6a, 0x77, 0x74, 0x88, 0x01, 0x01, 0x12, + 0x32, 0x0a, 0x04, 0x6f, 0x69, 0x64, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x48, 0x01, 0x52, 0x04, 0x6f, 0x69, 0x64, 0x63, + 0x88, 0x01, 0x01, 0x12, 0x4b, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, + 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x2e, 0x50, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x48, 0x02, 0x52, + 0x0c, 0x70, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x88, 0x01, 0x01, + 0x1a, 0x2f, 0x0a, 0x03, 0x4a, 0x77, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x1a, 0x59, 0x0a, 0x04, 0x4f, 0x49, 0x44, 0x43, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x73, 0x73, + 0x75, 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, + 0x73, 0x73, 0x75, 0x65, 0x72, 0x55, 0x72, 0x6c, 0x12, 0x1a, 0x0a, 
0x08, 0x61, 0x75, 0x64, 0x69, + 0x65, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x75, 0x64, 0x69, + 0x65, 0x6e, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x1a, 0x2d, 0x0a, 0x0c, + 0x50, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, + 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x4b, 0x65, 0x79, 0x73, 0x42, 0x06, 0x0a, 0x04, 0x5f, + 0x6a, 0x77, 0x74, 0x42, 0x07, 0x0a, 0x05, 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x42, 0x10, 0x0a, 0x0e, + 0x5f, 0x70, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x42, 0x86, + 0x01, 0x0a, 0x08, 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x42, 0x14, 0x4b, 0x72, 0x61, + 0x74, 0x6f, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x41, 0x75, 0x74, 0x68, 0x6e, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x50, 0x01, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x74, 0x78, 0x37, 0x64, 0x6f, 0x2f, 0x6b, 0x72, 0x61, 0x74, 0x6f, 0x73, 0x2d, 0x62, 0x6f, 0x6f, + 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, + 0x6f, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x2f, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x43, 0x58, 0x58, 0xaa, + 0x02, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0xca, 0x02, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0xe2, 0x02, 0x10, + 0x43, 0x6f, 0x6e, 0x66, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0xea, 0x02, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, }) var ( 
@@ -159,18 +306,22 @@ func file_conf_v1_kratos_conf_authn_proto_rawDescGZIP() []byte { return file_conf_v1_kratos_conf_authn_proto_rawDescData } -var file_conf_v1_kratos_conf_authn_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_conf_v1_kratos_conf_authn_proto_msgTypes = make([]protoimpl.MessageInfo, 4) var file_conf_v1_kratos_conf_authn_proto_goTypes = []any{ - (*Authentication)(nil), // 0: conf.Authentication - (*Authentication_Jwt)(nil), // 1: conf.Authentication.Jwt + (*Authentication)(nil), // 0: conf.Authentication + (*Authentication_Jwt)(nil), // 1: conf.Authentication.Jwt + (*Authentication_OIDC)(nil), // 2: conf.Authentication.OIDC + (*Authentication_PresharedKey)(nil), // 3: conf.Authentication.PresharedKey } var file_conf_v1_kratos_conf_authn_proto_depIdxs = []int32{ 1, // 0: conf.Authentication.jwt:type_name -> conf.Authentication.Jwt - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name + 2, // 1: conf.Authentication.oidc:type_name -> conf.Authentication.OIDC + 3, // 2: conf.Authentication.preshared_key:type_name -> conf.Authentication.PresharedKey + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name } func init() { file_conf_v1_kratos_conf_authn_proto_init() } @@ -185,7 +336,7 @@ func file_conf_v1_kratos_conf_authn_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_conf_v1_kratos_conf_authn_proto_rawDesc), len(file_conf_v1_kratos_conf_authn_proto_rawDesc)), NumEnums: 0, - NumMessages: 2, + NumMessages: 4, NumExtensions: 0, NumServices: 0, }, 
diff --git a/api/gen/go/conf/v1/kratos_conf_authz.pb.go b/api/gen/go/conf/v1/kratos_conf_authz.pb.go index 7fa2cf8..bf02c3f 100644 --- a/api/gen/go/conf/v1/kratos_conf_authz.pb.go +++ b/api/gen/go/conf/v1/kratos_conf_authz.pb.go @@ -24,7 +24,11 @@ const ( // 授权 type Authorization struct { - state protoimpl.MessageState `protogen:"open.v1"` + state protoimpl.MessageState `protogen:"open.v1"` + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + Casbin *Authorization_Casbin `protobuf:"bytes,2,opt,name=casbin,proto3" json:"casbin,omitempty"` // casbin + Opa *Authorization_OPA `protobuf:"bytes,3,opt,name=opa,proto3" json:"opa,omitempty"` // OPA + Zanzibar *Authorization_Zanzibar `protobuf:"bytes,4,opt,name=zanzibar,proto3" json:"zanzibar,omitempty"` // zanzibar unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } 
@@ -59,6 +63,386 @@ func (*Authorization) Descriptor() ([]byte, []int) { return file_conf_v1_kratos_conf_authz_proto_rawDescGZIP(), []int{0} } +func (x *Authorization) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *Authorization) GetCasbin() *Authorization_Casbin { + if x != nil { + return x.Casbin + } + return nil +} + +func (x *Authorization) GetOpa() *Authorization_OPA { + if x != nil { + return x.Opa + } + return nil +} + +func (x *Authorization) GetZanzibar() *Authorization_Zanzibar { + if x != nil { + return x.Zanzibar + } + return nil +} + +type Authorization_Casbin struct { + state protoimpl.MessageState `protogen:"open.v1"` + ModelPath *string `protobuf:"bytes,1,opt,name=model_path,json=modelPath,proto3,oneof" json:"model_path,omitempty"` // casbin 模型文件路径 + PolicyPath *string `protobuf:"bytes,2,opt,name=policy_path,json=policyPath,proto3,oneof" json:"policy_path,omitempty"` // casbin 策略文件路径 + Policies []string `protobuf:"bytes,10,rep,name=policies,proto3" json:"policies,omitempty"` // 策略列表 + Model *string `protobuf:"bytes,11,opt,name=model,proto3,oneof" json:"model,omitempty"` // 模型内容 + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Authorization_Casbin) Reset() { + *x = Authorization_Casbin{} + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Authorization_Casbin) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authorization_Casbin) ProtoMessage() {} + +func (x *Authorization_Casbin) ProtoReflect() protoreflect.Message { + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authorization_Casbin.ProtoReflect.Descriptor instead. 
+func (*Authorization_Casbin) Descriptor() ([]byte, []int) { + return file_conf_v1_kratos_conf_authz_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *Authorization_Casbin) GetModelPath() string { + if x != nil && x.ModelPath != nil { + return *x.ModelPath + } + return "" +} + +func (x *Authorization_Casbin) GetPolicyPath() string { + if x != nil && x.PolicyPath != nil { + return *x.PolicyPath + } + return "" +} + +func (x *Authorization_Casbin) GetPolicies() []string { + if x != nil { + return x.Policies + } + return nil +} + +func (x *Authorization_Casbin) GetModel() string { + if x != nil && x.Model != nil { + return *x.Model + } + return "" +} + +type Authorization_OPA struct { + state protoimpl.MessageState `protogen:"open.v1"` + Policies map[string]string `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // OPA 策略列表 + Roles map[string]*Authorization_OPA_RoleActions `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Authorization_OPA) Reset() { + *x = Authorization_OPA{} + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Authorization_OPA) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authorization_OPA) ProtoMessage() {} + +func (x *Authorization_OPA) ProtoReflect() protoreflect.Message { + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authorization_OPA.ProtoReflect.Descriptor instead. 
+func (*Authorization_OPA) Descriptor() ([]byte, []int) { + return file_conf_v1_kratos_conf_authz_proto_rawDescGZIP(), []int{0, 1} +} + +func (x *Authorization_OPA) GetPolicies() map[string]string { + if x != nil { + return x.Policies + } + return nil +} + +func (x *Authorization_OPA) GetRoles() map[string]*Authorization_OPA_RoleActions { + if x != nil { + return x.Roles + } + return nil +} + +type Authorization_Zanzibar struct { + state protoimpl.MessageState `protogen:"open.v1"` + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` // zanzibar 类型 + Keto *Authorization_Zanzibar_Keto `protobuf:"bytes,2,opt,name=keto,proto3,oneof" json:"keto,omitempty"` // Keto 配置 + OpenFga *Authorization_Zanzibar_OpenFga `protobuf:"bytes,3,opt,name=open_fga,json=openFga,proto3,oneof" json:"open_fga,omitempty"` // OpenFGA 配置 + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Authorization_Zanzibar) Reset() { + *x = Authorization_Zanzibar{} + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Authorization_Zanzibar) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authorization_Zanzibar) ProtoMessage() {} + +func (x *Authorization_Zanzibar) ProtoReflect() protoreflect.Message { + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authorization_Zanzibar.ProtoReflect.Descriptor instead. 
+func (*Authorization_Zanzibar) Descriptor() ([]byte, []int) { + return file_conf_v1_kratos_conf_authz_proto_rawDescGZIP(), []int{0, 2} +} + +func (x *Authorization_Zanzibar) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *Authorization_Zanzibar) GetKeto() *Authorization_Zanzibar_Keto { + if x != nil { + return x.Keto + } + return nil +} + +func (x *Authorization_Zanzibar) GetOpenFga() *Authorization_Zanzibar_OpenFga { + if x != nil { + return x.OpenFga + } + return nil +} + +type Authorization_OPA_RoleActions struct { + state protoimpl.MessageState `protogen:"open.v1"` + Actions []string `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"` // 角色对应的操作列表 { + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Authorization_OPA_RoleActions) Reset() { + *x = Authorization_OPA_RoleActions{} + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Authorization_OPA_RoleActions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authorization_OPA_RoleActions) ProtoMessage() {} + +func (x *Authorization_OPA_RoleActions) ProtoReflect() protoreflect.Message { + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authorization_OPA_RoleActions.ProtoReflect.Descriptor instead. 
+func (*Authorization_OPA_RoleActions) Descriptor() ([]byte, []int) { + return file_conf_v1_kratos_conf_authz_proto_rawDescGZIP(), []int{0, 1, 0} +} + +func (x *Authorization_OPA_RoleActions) GetActions() []string { + if x != nil { + return x.Actions + } + return nil +} + +type Authorization_Zanzibar_Keto struct { + state protoimpl.MessageState `protogen:"open.v1"` + WriteUrl string `protobuf:"bytes,1,opt,name=write_url,json=writeUrl,proto3" json:"write_url,omitempty"` // 写入 URL + ReadUrl string `protobuf:"bytes,2,opt,name=read_url,json=readUrl,proto3" json:"read_url,omitempty"` // 读取 URL + UseGrpc bool `protobuf:"varint,3,opt,name=use_grpc,json=useGrpc,proto3" json:"use_grpc,omitempty"` // 是否使用 gRPC + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Authorization_Zanzibar_Keto) Reset() { + *x = Authorization_Zanzibar_Keto{} + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Authorization_Zanzibar_Keto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authorization_Zanzibar_Keto) ProtoMessage() {} + +func (x *Authorization_Zanzibar_Keto) ProtoReflect() protoreflect.Message { + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authorization_Zanzibar_Keto.ProtoReflect.Descriptor instead. 
+func (*Authorization_Zanzibar_Keto) Descriptor() ([]byte, []int) { + return file_conf_v1_kratos_conf_authz_proto_rawDescGZIP(), []int{0, 2, 0} +} + +func (x *Authorization_Zanzibar_Keto) GetWriteUrl() string { + if x != nil { + return x.WriteUrl + } + return "" +} + +func (x *Authorization_Zanzibar_Keto) GetReadUrl() string { + if x != nil { + return x.ReadUrl + } + return "" +} + +func (x *Authorization_Zanzibar_Keto) GetUseGrpc() bool { + if x != nil { + return x.UseGrpc + } + return false +} + +type Authorization_Zanzibar_OpenFga struct { + state protoimpl.MessageState `protogen:"open.v1"` + ApiUrl string `protobuf:"bytes,1,opt,name=api_url,json=apiUrl,proto3" json:"api_url,omitempty"` // OpenFGA API URL + StoreId string `protobuf:"bytes,2,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty"` // OpenFGA 存储 ID + Token string `protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty"` // OpenFGA 访问令牌 + ClientId string `protobuf:"bytes,4,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // OpenFGA 客户端 ID + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Authorization_Zanzibar_OpenFga) Reset() { + *x = Authorization_Zanzibar_OpenFga{} + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Authorization_Zanzibar_OpenFga) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Authorization_Zanzibar_OpenFga) ProtoMessage() {} + +func (x *Authorization_Zanzibar_OpenFga) ProtoReflect() protoreflect.Message { + mi := &file_conf_v1_kratos_conf_authz_proto_msgTypes[8] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Authorization_Zanzibar_OpenFga.ProtoReflect.Descriptor instead. 
+func (*Authorization_Zanzibar_OpenFga) Descriptor() ([]byte, []int) { + return file_conf_v1_kratos_conf_authz_proto_rawDescGZIP(), []int{0, 2, 1} +} + +func (x *Authorization_Zanzibar_OpenFga) GetApiUrl() string { + if x != nil { + return x.ApiUrl + } + return "" +} + +func (x *Authorization_Zanzibar_OpenFga) GetStoreId() string { + if x != nil { + return x.StoreId + } + return "" +} + +func (x *Authorization_Zanzibar_OpenFga) GetToken() string { + if x != nil { + return x.Token + } + return "" +} + +func (x *Authorization_Zanzibar_OpenFga) GetClientId() string { + if x != nil { + return x.ClientId + } + return "" +} + var File_conf_v1_kratos_conf_authz_proto protoreflect.FileDescriptor var file_conf_v1_kratos_conf_authz_proto_rawDesc = string([]byte{ 
@@ -66,17 +450,84 @@ var file_conf_v1_kratos_conf_authz_proto_rawDesc = string([]byte{ 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x0f, 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x86, 0x01, 0x0a, 0x08, 0x63, 0x6f, 0x6d, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x42, 0x14, 0x4b, 0x72, 0x61, 0x74, 0x6f, 0x73, 0x43, 0x6f, 0x6e, - 0x66, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x34, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x78, 0x37, 0x64, 0x6f, 0x2f, - 0x6b, 0x72, 0x61, 0x74, 0x6f, 0x73, 0x2d, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6e, 0x66, - 0x2f, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x43, 0x58, 0x58, 0xaa, 0x02, 0x04, 0x43, 0x6f, 0x6e, 0x66, - 0xca, 0x02, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0xe2, 0x02, 0x10, 0x43, 0x6f, 0x6e, 0x66, 0x5c, 0x47, - 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x04, 0x43, 0x6f, 0x6e, - 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc1, 0x08, 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x32, 0x0a, + 0x06, 0x63, 0x61, 0x73, 0x62, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x2e, 0x43, 0x61, 0x73, 0x62, 0x69, 0x6e, 0x52, 0x06, 0x63, 0x61, 0x73, 0x62, 0x69, 
+ 0x6e, 0x12, 0x29, 0x0a, 0x03, 0x6f, 0x70, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x2e, 0x4f, 0x50, 0x41, 0x52, 0x03, 0x6f, 0x70, 0x61, 0x12, 0x38, 0x0a, 0x08, + 0x7a, 0x61, 0x6e, 0x7a, 0x69, 0x62, 0x61, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x2e, 0x5a, 0x61, 0x6e, 0x7a, 0x69, 0x62, 0x61, 0x72, 0x52, 0x08, 0x7a, 0x61, + 0x6e, 0x7a, 0x69, 0x62, 0x61, 0x72, 0x1a, 0xb2, 0x01, 0x0a, 0x06, 0x43, 0x61, 0x73, 0x62, 0x69, + 0x6e, 0x12, 0x22, 0x0a, 0x0a, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x50, 0x61, + 0x74, 0x68, 0x88, 0x01, 0x01, 0x12, 0x24, 0x0a, 0x0b, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, + 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x01, 0x52, 0x0a, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x50, 0x61, 0x74, 0x68, 0x88, 0x01, 0x01, 0x12, 0x1a, 0x0a, 0x08, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x19, 0x0a, 0x05, 0x6d, 0x6f, 0x64, 0x65, 0x6c, + 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x48, 0x02, 0x52, 0x05, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x88, + 0x01, 0x01, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x70, 0x61, 0x74, + 0x68, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x70, 0x61, 0x74, + 0x68, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x1a, 0xc7, 0x02, 0x0a, 0x03, + 0x4f, 0x50, 0x41, 0x12, 0x41, 0x0a, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 
0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4f, 0x50, 0x41, 0x2e, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4f, 0x50, 0x41, 0x2e, 0x52, + 0x6f, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x72, 0x6f, 0x6c, 0x65, 0x73, + 0x1a, 0x27, 0x0a, 0x0b, 0x52, 0x6f, 0x6c, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, + 0x18, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x3b, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x69, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x5d, 0x0a, 0x0a, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4f, 0x50, 0x41, 0x2e, 0x52, + 0x6f, 0x6c, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x83, 0x03, 0x0a, 0x08, 0x5a, 0x61, 0x6e, 0x7a, 0x69, 0x62, + 0x61, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3a, 0x0a, 0x04, 0x6b, 0x65, 
0x74, 0x6f, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x5a, 0x61, 0x6e, 0x7a, 0x69, 0x62, + 0x61, 0x72, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x48, 0x00, 0x52, 0x04, 0x6b, 0x65, 0x74, 0x6f, 0x88, + 0x01, 0x01, 0x12, 0x44, 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x6e, 0x5f, 0x66, 0x67, 0x61, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x5a, 0x61, 0x6e, 0x7a, 0x69, 0x62, + 0x61, 0x72, 0x2e, 0x4f, 0x70, 0x65, 0x6e, 0x46, 0x67, 0x61, 0x48, 0x01, 0x52, 0x07, 0x6f, 0x70, + 0x65, 0x6e, 0x46, 0x67, 0x61, 0x88, 0x01, 0x01, 0x1a, 0x59, 0x0a, 0x04, 0x4b, 0x65, 0x74, 0x6f, + 0x12, 0x1b, 0x0a, 0x09, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x77, 0x72, 0x69, 0x74, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x19, 0x0a, + 0x08, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x72, 0x65, 0x61, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x5f, + 0x67, 0x72, 0x70, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x75, 0x73, 0x65, 0x47, + 0x72, 0x70, 0x63, 0x1a, 0x70, 0x0a, 0x07, 0x4f, 0x70, 0x65, 0x6e, 0x46, 0x67, 0x61, 0x12, 0x17, + 0x0a, 0x07, 0x61, 0x70, 0x69, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x61, 0x70, 0x69, 0x55, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 
0x74, 0x49, 0x64, 0x42, 0x07, 0x0a, 0x05, 0x5f, 0x6b, 0x65, 0x74, 0x6f, 0x42, 0x0b, + 0x0a, 0x09, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x5f, 0x66, 0x67, 0x61, 0x42, 0x86, 0x01, 0x0a, 0x08, + 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x42, 0x14, 0x4b, 0x72, 0x61, 0x74, 0x6f, 0x73, + 0x43, 0x6f, 0x6e, 0x66, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x78, 0x37, + 0x64, 0x6f, 0x2f, 0x6b, 0x72, 0x61, 0x74, 0x6f, 0x73, 0x2d, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, + 0x72, 0x61, 0x70, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x63, + 0x6f, 0x6e, 0x66, 0x2f, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x43, 0x58, 0x58, 0xaa, 0x02, 0x04, 0x43, + 0x6f, 0x6e, 0x66, 0xca, 0x02, 0x04, 0x43, 0x6f, 0x6e, 0x66, 0xe2, 0x02, 0x10, 0x43, 0x6f, 0x6e, + 0x66, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x04, + 0x43, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, }) var ( 
@@ -91,16 +542,32 @@ func file_conf_v1_kratos_conf_authz_proto_rawDescGZIP() []byte { return file_conf_v1_kratos_conf_authz_proto_rawDescData } -var file_conf_v1_kratos_conf_authz_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_conf_v1_kratos_conf_authz_proto_msgTypes = make([]protoimpl.MessageInfo, 9) var file_conf_v1_kratos_conf_authz_proto_goTypes = []any{ - (*Authorization)(nil), // 0: conf.Authorization + (*Authorization)(nil), // 0: conf.Authorization + (*Authorization_Casbin)(nil), // 1: conf.Authorization.Casbin + (*Authorization_OPA)(nil), // 2: conf.Authorization.OPA + (*Authorization_Zanzibar)(nil), // 3: conf.Authorization.Zanzibar + (*Authorization_OPA_RoleActions)(nil), // 4: conf.Authorization.OPA.RoleActions + nil, // 5: conf.Authorization.OPA.PoliciesEntry + nil, // 6: conf.Authorization.OPA.RolesEntry + (*Authorization_Zanzibar_Keto)(nil), // 7: conf.Authorization.Zanzibar.Keto + (*Authorization_Zanzibar_OpenFga)(nil), // 8: conf.Authorization.Zanzibar.OpenFga } var file_conf_v1_kratos_conf_authz_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name + 1, // 0: conf.Authorization.casbin:type_name -> conf.Authorization.Casbin + 2, // 1: conf.Authorization.opa:type_name -> conf.Authorization.OPA + 3, // 2: conf.Authorization.zanzibar:type_name -> conf.Authorization.Zanzibar + 5, // 3: conf.Authorization.OPA.policies:type_name -> conf.Authorization.OPA.PoliciesEntry + 6, // 4: conf.Authorization.OPA.roles:type_name -> conf.Authorization.OPA.RolesEntry + 7, // 5: conf.Authorization.Zanzibar.keto:type_name -> conf.Authorization.Zanzibar.Keto + 8, // 6: conf.Authorization.Zanzibar.open_fga:type_name -> conf.Authorization.Zanzibar.OpenFga + 4, // 7: conf.Authorization.OPA.RolesEntry.value:type_name -> 
conf.Authorization.OPA.RoleActions + 8, // [8:8] is the sub-list for method output_type + 8, // [8:8] is the sub-list for method input_type + 8, // [8:8] is the sub-list for extension type_name + 8, // [8:8] is the sub-list for extension extendee + 0, // [0:8] is the sub-list for field type_name } func init() { file_conf_v1_kratos_conf_authz_proto_init() } @@ -108,13 +575,15 @@ func file_conf_v1_kratos_conf_authz_proto_init() { if File_conf_v1_kratos_conf_authz_proto != nil { return } + file_conf_v1_kratos_conf_authz_proto_msgTypes[1].OneofWrappers = []any{} + file_conf_v1_kratos_conf_authz_proto_msgTypes[3].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_conf_v1_kratos_conf_authz_proto_rawDesc), len(file_conf_v1_kratos_conf_authz_proto_rawDesc)), NumEnums: 0, - NumMessages: 1, + NumMessages: 9, NumExtensions: 0, NumServices: 0, }, diff --git a/api/protos/conf/v1/kratos_conf_authn.proto b/api/protos/conf/v1/kratos_conf_authn.proto index db5a3b4..e3ca533 100644 --- a/api/protos/conf/v1/kratos_conf_authn.proto +++ b/api/protos/conf/v1/kratos_conf_authn.proto @@ -14,6 +14,19 @@ message Authentication { string key = 2; // JWT 秘钥 } + message OIDC { + string issuer_url = 1; + string audience = 2; + string method = 3; // JWT签名的算法,支持算法:HS256 + } - optional Jwt jwt = 1; + message PresharedKey { + repeated string valid_keys = 1; + } + + string type = 1; + + optional Jwt jwt = 2; // JWT 认证 + optional OIDC oidc = 3; // OIDC + optional PresharedKey preshared_key = 4; // 预共享密钥 } diff --git a/api/protos/conf/v1/kratos_conf_authz.proto b/api/protos/conf/v1/kratos_conf_authz.proto index 20bcaad..e225c09 100644 --- a/api/protos/conf/v1/kratos_conf_authz.proto +++ b/api/protos/conf/v1/kratos_conf_authz.proto 
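Review bot: Moving `jwt` from field 1 to field 2 and giving number 1 to the new `string type` breaks wire compatibility if an Authentication message is ever stored or exchanged in binary form: both fields are length-delimited, so previously encoded `jwt` bytes would decode as `type` and leave `jwt` unset. Unless no such data exists, keep `optional Jwt jwt = 1;` and give `type` an unused number, for example `string type = 5;`. `type` is also an unconstrained string here and in the Authorization and Zanzibar messages of kratos_conf_authz.proto; an enum, or a comment listing the accepted values and stating that an unknown or empty value is a load error, would stop a typo from leaving the choice of authenticator to whatever the consumer defaults to (the consumer is not visible here). The `OIDC.method` comment names only HS256, which looks copied from the Jwt message; OIDC has no key field for a shared secret, so please confirm which algorithms are meant. The Authentication message opens outside this hunk.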
@@ -8,4 +8,46 @@ import "google/protobuf/duration.proto"; // 授权 message Authorization { + message Casbin { + optional string model_path = 1; // casbin 模型文件路径 + optional string policy_path = 2; // casbin 策略文件路径 + + repeated string policies = 10; // 策略列表 + optional string model = 11; // 模型内容 + } + + message OPA { + message RoleActions { + repeated string actions = 1; // 角色对应的操作列表 { + } + + map policies = 1; // OPA 策略列表 + map roles = 2; // + } + + message Zanzibar { + message Keto { + string write_url = 1; // 写入 URL + string read_url = 2; // 读取 URL + bool use_grpc = 3; // 是否使用 gRPC + } + + message OpenFga { + string api_url = 1; // OpenFGA API URL + string store_id = 2; // OpenFGA 存储 ID + string token = 3; // OpenFGA 访问令牌 + string client_id = 4; // OpenFGA 客户端 ID + } + + string type = 1; // zanzibar 类型 + + optional Keto keto = 2; // Keto 配置 + optional OpenFga open_fga = 3; // OpenFGA 配置 + } + + string type = 1; + + Casbin casbin = 2; // casbin + OPA opa = 3; // OPA + Zanzibar zanzibar = 4; // zanzibar } diff --git a/tag.bat b/tag.bat index 2be6a49..4f3e7b1 100644 --- a/tag.bat +++ b/tag.bat @@ -1,4 +1,4 @@ -git tag api/v0.0.22 --force +git tag api/v0.0.23 --force git tag utils/v0.1.4 --force
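Review bot: `OpenFga.token` is a bearer credential held in an ordinary string field, so it appears wherever the config message is printed or dumped, because the generated Go `String()` method formats every field. I would document that on the field, e.g. `string token = 3; // OpenFGA access token (secret): load from a secret store, keep out of logs and config dumps`. The same applies to `PresharedKey.valid_keys` in kratos_conf_authn.proto. `Keto.write_url`, `Keto.read_url` and `OpenFga.api_url` carry no TLS or scheme requirement, so if plaintext endpoints should be refused for authorization traffic, the field comments need to say so and the consumer needs to enforce it. The Authorization message opens outside this hunk.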