polarismesh · chuntaojun · Jul 30, 2024 · Sep 25, 2022 · Oct 19, 2022 · Oct 19, 2022
diff --git a/admin/api.go b/admin/api.go
@@ -20,64 +20,39 @@ package admin
 import (
 	"context"
 
+	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
 	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"
 
-	connlimit "github.com/polarismesh/polaris/common/conn/limit"
 	"github.com/polarismesh/polaris/common/model"
+	"github.com/polarismesh/polaris/common/model/admin"
 )
 
-type ConnReq struct {
-	Protocol string
-	Host     string
-	Port     int
-	Amount   int
-}
-
-type ConnCountResp struct {
-	Protocol string
-	Total    int32
-	Host     map[string]int32
-}
-
-type ConnStatsResp struct {
-	Protocol        string
-	ActiveConnTotal int32
-	StatsTotal      int
-	StatsSize       int
-	Stats           []*connlimit.HostConnStat
-}
-
-type ScopeLevel struct {
-	Name  string
-	Level string
-}
-
 // AdminOperateServer Maintain related operation
 type AdminOperateServer interface {
 	// GetServerConnections Get connection count
-	GetServerConnections(ctx context.Context, req *ConnReq) (*ConnCountResp, error)
+	GetServerConnections(ctx context.Context, req *admin.ConnReq) (*admin.ConnCountResp, error)
 	// GetServerConnStats 获取连接缓存里面的统计信息
-	GetServerConnStats(ctx context.Context, req *ConnReq) (*ConnStatsResp, error)
+	GetServerConnStats(ctx context.Context, req *admin.ConnReq) (*admin.ConnStatsResp, error)
 	// CloseConnections Close connection by ip
-	CloseConnections(ctx context.Context, reqs []ConnReq) error
+	CloseConnections(ctx context.Context, reqs []admin.ConnReq) error
 	// FreeOSMemory Free system memory
 	FreeOSMemory(ctx context.Context) error
 	// CleanInstance Clean deleted instance
 	CleanInstance(ctx context.Context, req *apiservice.Instance) *apiservice.Response
-
 	// BatchCleanInstances Batch clean deleted instances
 	BatchCleanInstances(ctx context.Context, batchSize uint32) (uint32, error)
 	// GetLastHeartbeat Get last heartbeat
 	GetLastHeartbeat(ctx context.Context, req *apiservice.Instance) *apiservice.Response
-
 	// GetLogOutputLevel Get log output level
-	GetLogOutputLevel(ctx context.Context) ([]ScopeLevel, error)
+	GetLogOutputLevel(ctx context.Context) ([]admin.ScopeLevel, error)
 	// SetLogOutputLevel Set log output level by scope
 	SetLogOutputLevel(ctx context.Context, scope string, level string) error
 	// ListLeaderElections
-	ListLeaderElections(ctx context.Context) ([]*model.LeaderElection, error)
+	ListLeaderElections(ctx context.Context) ([]*admin.LeaderElection, error)
 	// ReleaseLeaderElection
 	ReleaseLeaderElection(ctx context.Context, electKey string) error
 	// GetCMDBInfo get cmdb info
 	GetCMDBInfo(ctx context.Context) ([]model.LocationView, error)
+	// InitMainUser
+	InitMainUser(ctx context.Context, user apisecurity.User) error
 }
diff --git a/admin/maintain.go b/admin/maintain.go
@@ -24,19 +24,29 @@ import (
 	"time"
 
 	apimodel "github.com/polarismesh/specification/source/go/api/v1/model"
+	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
 	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"
 	"go.uber.org/zap"
 
 	api "github.com/polarismesh/polaris/common/api/v1"
 	connlimit "github.com/polarismesh/polaris/common/conn/limit"
 	commonlog "github.com/polarismesh/polaris/common/log"
 	"github.com/polarismesh/polaris/common/model"
+	"github.com/polarismesh/polaris/common/model/admin"
 	commonstore "github.com/polarismesh/polaris/common/store"
 	"github.com/polarismesh/polaris/common/utils"
 	"github.com/polarismesh/polaris/plugin"
 )
 
-func (s *Server) GetServerConnections(_ context.Context, req *ConnReq) (*ConnCountResp, error) {
+func (s *Server) HasMainUser(ctx context.Context, user apisecurity.User) (bool, error) {
+	return false, nil
+}
+
+func (s *Server) InitMainUser(ctx context.Context, user apisecurity.User) error {
+	return nil
+}
+
+func (s *Server) GetServerConnections(_ context.Context, req *admin.ConnReq) (*admin.ConnCountResp, error) {
 	if req.Protocol == "" {
 		return nil, errors.New("missing param protocol")
 	}
@@ -46,7 +56,7 @@ func (s *Server) GetServerConnections(_ context.Context, req *ConnReq) (*ConnCou
 		return nil, errors.New("not found the protocol")
 	}
 
-	var resp = ConnCountResp{
+	var resp = admin.ConnCountResp{
 		Protocol: req.Protocol,
 		Total:    lis.GetListenerConnCount(),
 		Host:     map[string]int32{},
@@ -63,7 +73,7 @@ func (s *Server) GetServerConnections(_ context.Context, req *ConnReq) (*ConnCou
 	return &resp, nil
 }
 
-func (s *Server) GetServerConnStats(_ context.Context, req *ConnReq) (*ConnStatsResp, error) {
+func (s *Server) GetServerConnStats(_ context.Context, req *admin.ConnReq) (*admin.ConnStatsResp, error) {
 	if req.Protocol == "" {
 		return nil, errors.New("missing param protocol")
 	}
@@ -73,7 +83,7 @@ func (s *Server) GetServerConnStats(_ context.Context, req *ConnReq) (*ConnStats
 		return nil, errors.New("not found the protocol")
 	}
 
-	var resp ConnStatsResp
+	var resp admin.ConnStatsResp
 
 	resp.Protocol = req.Protocol
 	resp.ActiveConnTotal = lis.GetListenerConnCount()
@@ -100,7 +110,7 @@ func (s *Server) GetServerConnStats(_ context.Context, req *ConnReq) (*ConnStats
 	return &resp, nil
 }
 
-func (s *Server) CloseConnections(_ context.Context, reqs []ConnReq) error {
+func (s *Server) CloseConnections(_ context.Context, reqs []admin.ConnReq) error {
 	for _, entry := range reqs {
 		listener := connlimit.GetLimitListener(entry.Protocol)
 		if listener == nil {
@@ -172,11 +182,11 @@ func (s *Server) GetLastHeartbeat(_ context.Context, req *apiservice.Instance) *
 	return s.healthCheckServer.GetLastHeartbeat(req)
 }
 
-func (s *Server) GetLogOutputLevel(_ context.Context) ([]ScopeLevel, error) {
+func (s *Server) GetLogOutputLevel(_ context.Context) ([]admin.ScopeLevel, error) {
 	scopes := commonlog.Scopes()
-	out := make([]ScopeLevel, 0, len(scopes))
+	out := make([]admin.ScopeLevel, 0, len(scopes))
 	for k := range scopes {
-		out = append(out, ScopeLevel{
+		out = append(out, admin.ScopeLevel{
 			Name:  k,
 			Level: scopes[k].GetOutputLevel().Name(),
 		})
@@ -189,7 +199,7 @@ func (s *Server) SetLogOutputLevel(_ context.Context, scope string, level string
 	return commonlog.SetLogOutputLevel(scope, level)
 }
 
-func (s *Server) ListLeaderElections(_ context.Context) ([]*model.LeaderElection, error) {
+func (s *Server) ListLeaderElections(_ context.Context) ([]*admin.LeaderElection, error) {
 	return s.storage.ListLeaderElections()
 }
 

diff --git a/admin/maintain_authability.go b/admin/maintain_authability.go
@@ -20,19 +20,29 @@ package admin
 import (
 	"context"
 
+	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
 	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"
 
 	api "github.com/polarismesh/polaris/common/api/v1"
 	"github.com/polarismesh/polaris/common/model"
+	"github.com/polarismesh/polaris/common/model/admin"
+	authcommon "github.com/polarismesh/polaris/common/model/auth"
 	"github.com/polarismesh/polaris/common/utils"
 )
 
 var _ AdminOperateServer = (*serverAuthAbility)(nil)
 
-func (svr *serverAuthAbility) GetServerConnections(ctx context.Context, req *ConnReq) (*ConnCountResp, error) {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Read, "GetServerConnections")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+func (s *serverAuthAbility) HasMainUser(ctx context.Context) (bool, error) {
+	return false, nil
+}
+
+func (s *serverAuthAbility) InitMainUser(ctx context.Context, user apisecurity.User) error {
+	return nil
+}
+
+func (svr *serverAuthAbility) GetServerConnections(ctx context.Context, req *admin.ConnReq) (*admin.ConnCountResp, error) {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeServerConnections)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return nil, err
 	}
 
@@ -42,10 +52,9 @@ func (svr *serverAuthAbility) GetServerConnections(ctx context.Context, req *Con
 	return svr.targetServer.GetServerConnections(ctx, req)
 }
 
-func (svr *serverAuthAbility) GetServerConnStats(ctx context.Context, req *ConnReq) (*ConnStatsResp, error) {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Read, "GetServerConnStats")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+func (svr *serverAuthAbility) GetServerConnStats(ctx context.Context, req *admin.ConnReq) (*admin.ConnStatsResp, error) {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeServerConnStats)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return nil, err
 	}
 
@@ -55,10 +64,9 @@ func (svr *serverAuthAbility) GetServerConnStats(ctx context.Context, req *ConnR
 	return svr.targetServer.GetServerConnStats(ctx, req)
 }
 
-func (svr *serverAuthAbility) CloseConnections(ctx context.Context, reqs []ConnReq) error {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Delete, "CloseConnections")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+func (svr *serverAuthAbility) CloseConnections(ctx context.Context, reqs []admin.ConnReq) error {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, authcommon.CloseConnections)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return err
 	}
 
@@ -69,9 +77,8 @@ func (svr *serverAuthAbility) CloseConnections(ctx context.Context, reqs []ConnR
 }
 
 func (svr *serverAuthAbility) FreeOSMemory(ctx context.Context) error {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Modify, "FreeOSMemory")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, authcommon.FreeOSMemory)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return err
 	}
 
@@ -82,9 +89,8 @@ func (svr *serverAuthAbility) FreeOSMemory(ctx context.Context) error {
 }
 
 func (svr *serverAuthAbility) CleanInstance(ctx context.Context, req *apiservice.Instance) *apiservice.Response {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Delete, "CleanInstance")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, authcommon.CleanInstance)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return api.NewResponseWithMsg(convertToErrCode(err), err.Error())
 	}
 
@@ -95,19 +101,17 @@ func (svr *serverAuthAbility) CleanInstance(ctx context.Context, req *apiservice
 }
 
 func (svr *serverAuthAbility) BatchCleanInstances(ctx context.Context, batchSize uint32) (uint32, error) {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Delete, "BatchCleanInstances")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Delete, authcommon.BatchCleanInstances)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return 0, err
 	}
 
 	return svr.targetServer.BatchCleanInstances(ctx, batchSize)
 }
 
 func (svr *serverAuthAbility) GetLastHeartbeat(ctx context.Context, req *apiservice.Instance) *apiservice.Response {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Read, "GetLastHeartbeat")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeInstanceLastHeartbeat)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return api.NewResponseWithMsg(convertToErrCode(err), err.Error())
 	}
 
@@ -117,10 +121,9 @@ func (svr *serverAuthAbility) GetLastHeartbeat(ctx context.Context, req *apiserv
 	return svr.targetServer.GetLastHeartbeat(ctx, req)
 }
 
-func (svr *serverAuthAbility) GetLogOutputLevel(ctx context.Context) ([]ScopeLevel, error) {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Read, "GetLogOutputLevel")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+func (svr *serverAuthAbility) GetLogOutputLevel(ctx context.Context) ([]admin.ScopeLevel, error) {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeGetLogOutputLevel)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return nil, err
 	}
 
@@ -131,19 +134,17 @@ func (svr *serverAuthAbility) GetLogOutputLevel(ctx context.Context) ([]ScopeLev
 }
 
 func (svr *serverAuthAbility) SetLogOutputLevel(ctx context.Context, scope string, level string) error {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Modify, "SetLogOutputLevel")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, authcommon.UpdateLogOutputLevel)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return err
 	}
 
 	return svr.targetServer.SetLogOutputLevel(ctx, scope, level)
 }
 
-func (svr *serverAuthAbility) ListLeaderElections(ctx context.Context) ([]*model.LeaderElection, error) {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Read, "ListLeaderElections")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+func (svr *serverAuthAbility) ListLeaderElections(ctx context.Context) ([]*admin.LeaderElection, error) {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeLeaderElections)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return nil, err
 	}
 
@@ -154,9 +155,8 @@ func (svr *serverAuthAbility) ListLeaderElections(ctx context.Context) ([]*model
 }
 
 func (svr *serverAuthAbility) ReleaseLeaderElection(ctx context.Context, electKey string) error {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Modify, "ReleaseLeaderElection")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Modify, authcommon.ReleaseLeaderElection)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return err
 	}
 
@@ -167,9 +167,8 @@ func (svr *serverAuthAbility) ReleaseLeaderElection(ctx context.Context, electKe
 }
 
 func (svr *serverAuthAbility) GetCMDBInfo(ctx context.Context) ([]model.LocationView, error) {
-	authCtx := svr.collectMaintainAuthContext(ctx, model.Read, "GetCMDBInfo")
-	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
-	if err != nil {
+	authCtx := svr.collectMaintainAuthContext(ctx, authcommon.Read, authcommon.DescribeCMDBInfo)
+	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx); err != nil {
 		return nil, err
 	}
 

diff --git a/admin/server_authability.go b/admin/server_authability.go
@@ -24,7 +24,7 @@ import (
 	apimodel "github.com/polarismesh/specification/source/go/api/v1/model"
 
 	"github.com/polarismesh/polaris/auth"
-	"github.com/polarismesh/polaris/common/model"
+	authcommon "github.com/polarismesh/polaris/common/model/auth"
 )
 
 // serverAuthAbility 带有鉴权能力的 maintainServer
@@ -45,22 +45,22 @@ func newServerAuthAbility(targetServer *Server,
 	return proxy
 }
 
-func (svr *serverAuthAbility) collectMaintainAuthContext(ctx context.Context, resourceOp model.ResourceOperation,
-	methodName string) *model.AcquireContext {
-	return model.NewAcquireContext(
-		model.WithRequestContext(ctx),
-		model.WithOperation(resourceOp),
-		model.WithModule(model.MaintainModule),
-		model.WithMethod(methodName),
+func (svr *serverAuthAbility) collectMaintainAuthContext(ctx context.Context, resourceOp authcommon.ResourceOperation,
+	methodName authcommon.ServerFunctionName) *authcommon.AcquireContext {
+	return authcommon.NewAcquireContext(
+		authcommon.WithRequestContext(ctx),
+		authcommon.WithOperation(resourceOp),
+		authcommon.WithModule(authcommon.MaintainModule),
+		authcommon.WithMethod(methodName),
 	)
 }
 
 func convertToErrCode(err error) apimodel.Code {
-	if errors.Is(err, model.ErrorTokenNotExist) {
+	if errors.Is(err, authcommon.ErrorTokenNotExist) {
 		return apimodel.Code_TokenNotExisted
 	}
 
-	if errors.Is(err, model.ErrorTokenDisabled) {
+	if errors.Is(err, authcommon.ErrorTokenDisabled) {
 		return apimodel.Code_TokenDisabled
 	}