From 84fba4d381cace155746b6c8f9c9215f402e6503 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Thu, 17 Nov 2022 18:46:06 +0800 Subject: [PATCH 01/12] update --- core/iam/src/basic/dto/iam_cert_dto.rs | 6 ++ core/iam/src/basic/serv/iam_cert_aksk_serv.rs | 101 ++++++++++++++++-- 2 files changed, 101 insertions(+), 6 deletions(-) diff --git a/core/iam/src/basic/dto/iam_cert_dto.rs b/core/iam/src/basic/dto/iam_cert_dto.rs index ca050c04a..c5c3adb07 100644 --- a/core/iam/src/basic/dto/iam_cert_dto.rs +++ b/core/iam/src/basic/dto/iam_cert_dto.rs @@ -128,3 +128,9 @@ pub struct IamCertLdapAddOrModifyReq { #[oai(validator(min_length = "2", max_length = "2000"))] pub dn: TrimString, } + +#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] +pub struct IamCertAkSkAddReq{ + pub ak:String, + pub sk:String, +} diff --git a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs index c61df1bd0..e790e8f6f 100644 --- a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs +++ b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs 
@@ -1,14 +1,103 @@ -use tardis::{ - basic::{dto::TardisContext, result::TardisResult}, - TardisFunsInst, -}; +use tardis::{basic::{dto::TardisContext, result::TardisResult}, TardisFuns, TardisFunsInst}; +use tardis::basic::field::TrimString; +use bios_basic::rbum::dto::rbum_cert_conf_dto::{RbumCertConfAddReq, RbumCertConfModifyReq}; +use bios_basic::rbum::dto::rbum_cert_dto::RbumCertAddReq; +use bios_basic::rbum::rbum_enumeration::{RbumCertConfStatusKind, RbumCertRelKind, RbumCertStatusKind}; +use bios_basic::rbum::serv::rbum_cert_serv::{RbumCertConfServ, RbumCertServ}; +use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation; -use crate::basic::dto::iam_cert_conf_dto::IamCertConfAkSkAddOrModifyReq; +use crate::basic::dto::iam_cert_conf_dto::{IamCertConfAkSkAddOrModifyReq, IamCertConfMailVCodeAddOrModifyReq}; +use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertMailVCodeAddReq}; +use crate::iam_config::IamBasicConfigApi; +use crate::iam_enumeration::IamCertKernelKind; pub struct IamCertAkSkServ; impl IamCertAkSkServ { + ///rel_iam_item_id app_id pub async fn add_cert_conf(add_req: &IamCertConfAkSkAddOrModifyReq, rel_iam_item_id: Option, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { - Ok("//todo".into()) + let id = RbumCertConfServ::add_rbum( + &mut RbumCertConfAddReq { + kind: TrimString(IamCertKernelKind::AkSk.to_string()), + supplier: None, + name: TrimString(IamCertKernelKind::AkSk.to_string()), + note: None, + ak_note: None, + ak_rule: None, + sk_note: None, + sk_rule: None, + ext: None, + sk_need: Some(false), + sk_dynamic: None, + sk_encrypted: Some(false), + repeatable: None, + is_basic: Some(false), + is_ak_repeatable: None, + rest_by_kinds: None, + expire_sec: None, + sk_lock_cycle_sec: None, + sk_lock_err_times: None, + sk_lock_duration_sec: None, + coexist_num: Some(1), + conn_uri: None, + status: RbumCertConfStatusKind::Enabled, + rel_rbum_domain_id: funs.iam_basic_domain_iam_id(), + rel_rbum_item_id: rel_iam_item_id, + 
}, + funs, + ctx, + ) + .await?; + Ok(id) + } + + pub async fn modify_cert_conf(id: &str, modify_req: &IamCertConfAkSkAddOrModifyReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { + RbumCertConfServ::modify_rbum(id, &mut RbumCertConfModifyReq { + name: None, + note: None, + ak_note: None, + ak_rule: None, + sk_note: None, + sk_rule: None, + ext: None, + sk_need: None, + sk_encrypted: None, + repeatable: None, + is_basic: None, + rest_by_kinds: None, + expire_sec: None, + sk_lock_cycle_sec: None, + sk_lock_err_times: None, + sk_lock_duration_sec: None, + coexist_num: None, + conn_uri: None, + status: None, + }, funs, ctx); + Ok(()) + } + + pub async fn add_cert(add_req: &IamCertAkSkAddReq, app_id: &str, rel_rbum_cert_conf_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { + let id = RbumCertServ::add_rbum( + &mut RbumCertAddReq { + ak: add_req.ak.into(), + sk: Some(add_req.sk.into()), + kind: None, + supplier: None, + vcode: None, + ext: None, + start_time: None, + end_time: None, + conn_uri: None, + status: RbumCertStatusKind::Enabled, + rel_rbum_cert_conf_id: Some(rel_rbum_cert_conf_id.to_string()), + rel_rbum_kind: RbumCertRelKind::Item, + rel_rbum_id: app_id.to_string(), + is_outside: false, + }, + funs, + ctx, + ) + .await?; + Ok(id) } } From d799abf1dbef93ae86499eebfc8e32723b57fca0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Thu, 17 Nov 2022 19:01:51 +0800 Subject: [PATCH 02/12] update --- core/iam/src/console_interface/serv.rs | 2 +- .../serv/iam_ci_cert_aksk_serv.rs | 21 +++++++++++++++++++ .../serv/iam_cp_cert_aksk_serv.rs | 4 ---- 3 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs delete mode 100644 core/iam/src/console_interface/serv/iam_cp_cert_aksk_serv.rs diff --git a/core/iam/src/console_interface/serv.rs b/core/iam/src/console_interface/serv.rs index fb3a4356d..8abdfcfe2 100644 
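Review bot: `add_cert_conf` registers the AK/SK cert configuration with `sk_need: Some(false)` and `sk_encrypted: Some(false)`, and neither choice is explained. If rbum applies these flags the way their names suggest, secrets under this configuration are stored in clear text and a cert without a secret would be accepted, which is a weak default for a machine credential. A comment on the two fields should record why the secret is kept recoverable and how it is protected at rest, and `sk_need` looks like it should be `Some(true)`. The `add_req` parameter is never read in the new body, so caller-supplied settings are silently ignored.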
--- a/core/iam/src/console_interface/serv.rs
+++ b/core/iam/src/console_interface/serv.rs
@@ -1 +1 @@
-pub mod iam_cp_cert_aksk_serv;
+pub mod iam_ci_cert_aksk_serv;
diff --git a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs
new file mode 100644
index 000000000..7046b2ce7
--- /dev/null
+++ b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs
@@ -0,0 +1,21 @@
+use tardis::basic::dto::TardisContext;
+use tardis::basic::result::TardisResult;
+use tardis::{TardisFuns, TardisFunsInst};
+use bios_basic::rbum::dto::rbum_cert_dto::RbumCertAddReq;
+use bios_basic::rbum::rbum_enumeration::{RbumCertRelKind, RbumCertStatusKind};
+use bios_basic::rbum::serv::rbum_cert_serv::RbumCertServ;
+use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation;
+use crate::basic::dto::iam_cert_dto::IamCertAkSkAddReq;
+use crate::basic::serv::iam_cert_aksk_serv::IamCertAkSkServ;
+
+pub struct IamCiCertAkSkServ;
+
+
+impl IamCiCertAkSkServ {
+ pub async fn general_cert(app_id: &str, rel_rbum_cert_conf_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult {
+ let ak = TardisFuns::crypto.key.generate_ak()?;
+ let sk = TardisFuns::crypto.key.generate_sk(&ak)?;
+
+ let cert_id = IamCertAkSkServ::add_cert(&IamCertAkSkAddReq { ak, sk }, app_id, rel_rbum_cert_conf_id, funs, ctx).await?;
+ }
+}
diff --git a/core/iam/src/console_interface/serv/iam_cp_cert_aksk_serv.rs b/core/iam/src/console_interface/serv/iam_cp_cert_aksk_serv.rs
deleted file mode 100644
index fae54eee2..000000000
--- a/core/iam/src/console_interface/serv/iam_cp_cert_aksk_serv.rs
+++ /dev/null
@@ -1,4 +0,0 @@
-pub struct IamCpCertAkSkServ;
-// todo add_cert TardisFuns::crypto.key.generate_ak() \
-// TardisFuns::crypto.key.generate_sk()
-impl IamCpCertAkSkServ {}
From f0bf8c8dabe3e1f42321c1c35976d2d24c2b8d9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Fri, 18 Nov 2022 16:07:55 +0800 Subject: [PATCH 03/12] update --- basic/src/rbum/rbum_enumeration.rs | 2 +- core/iam/src/basic/dto/iam_cert_dto.rs | 13 +++- core/iam/src/basic/serv/iam_cert_aksk_serv.rs | 73 ++++++++++++------- core/iam/src/basic/serv/iam_key_cache_serv.rs | 21 ++++++ core/iam/src/console_interface.rs | 1 + core/iam/src/console_interface/api.rs | 1 + .../console_interface/api/iam_ci_cert_api.rs | 19 +++++ .../serv/iam_ci_cert_aksk_serv.rs | 19 ++--- core/iam/src/iam_config.rs | 3 + 9 files changed, 112 insertions(+), 40 deletions(-) create mode 100644 core/iam/src/console_interface/api.rs create mode 100644 core/iam/src/console_interface/api/iam_ci_cert_api.rs diff --git a/basic/src/rbum/rbum_enumeration.rs b/basic/src/rbum/rbum_enumeration.rs index c120cb64a..3703fab9b 100644 --- a/basic/src/rbum/rbum_enumeration.rs +++ b/basic/src/rbum/rbum_enumeration.rs @@ -260,7 +260,7 @@ pub enum RbumWidgetTypeKind { Switch, Select, Group, // Display group subtitles, datatype = String, value is empty - Json, // Json fields : all parent_attr_name = current attribute, datatype = Json + Json, // Json fields : all parent_attr_name = current attribute, datatype = Json Array, // Sub fields : all parent_attr_name = current attribute, datatype = Array, The value of the json array is stored to the current field. } diff --git a/core/iam/src/basic/dto/iam_cert_dto.rs b/core/iam/src/basic/dto/iam_cert_dto.rs index c5c3adb07..570273a12 100644 --- a/core/iam/src/basic/dto/iam_cert_dto.rs +++ b/core/iam/src/basic/dto/iam_cert_dto.rs 
@@ -130,7 +130,14 @@ pub struct IamCertLdapAddOrModifyReq { } #[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] -pub struct IamCertAkSkAddReq{ - pub ak:String, - pub sk:String, +pub struct IamCertAkSkAddReq { + pub ak: String, + pub sk: String, +} + +#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] +pub struct IamCertAkSkResp{ + pub id:String, + pub ak: String, + pub sk: String, } diff --git a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs index e790e8f6f..01833478b 100644 --- a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs +++ b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs @@ -1,13 +1,19 @@ -use tardis::{basic::{dto::TardisContext, result::TardisResult}, TardisFuns, TardisFunsInst}; -use tardis::basic::field::TrimString; use bios_basic::rbum::dto::rbum_cert_conf_dto::{RbumCertConfAddReq, RbumCertConfModifyReq}; use bios_basic::rbum::dto::rbum_cert_dto::RbumCertAddReq; +use bios_basic::rbum::dto::rbum_filer_dto::RbumCertFilterReq; use bios_basic::rbum::rbum_enumeration::{RbumCertConfStatusKind, RbumCertRelKind, RbumCertStatusKind}; use bios_basic::rbum::serv::rbum_cert_serv::{RbumCertConfServ, RbumCertServ}; use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation; +use tardis::basic::field::TrimString; +use tardis::db::sea_orm::sea_query::ColumnSpec::Default; +use tardis::{ + basic::{dto::TardisContext, result::TardisResult}, + TardisFuns, TardisFunsInst, +}; use crate::basic::dto::iam_cert_conf_dto::{IamCertConfAkSkAddOrModifyReq, IamCertConfMailVCodeAddOrModifyReq}; use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertMailVCodeAddReq}; +use crate::basic::serv::iam_key_cache_serv::IamIdentCacheServ; use crate::iam_config::IamBasicConfigApi; use crate::iam_enumeration::IamCertKernelKind; 
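Review bot: `IamCertAkSkResp` derives `Debug` while carrying the freshly generated `sk`, so any `{:?}` formatting of the response (a log line, an error context) prints the secret key. Drop `Debug` from the derive list on this struct and write the impl by hand so that `sk` is redacted, as sketched below. `IamCertAkSkAddReq` in the same hunk has the same derive over an `sk` field and would need the same treatment for as long as it carries the secret.

```rust
#[derive(poem_openapi::Object, Serialize, Deserialize)]
pub struct IamCertAkSkResp {
    // … unchanged: id, ak, sk fields …
}

impl std::fmt::Debug for IamCertAkSkResp {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // The secret key must never reach logs or error output.
        f.debug_struct("IamCertAkSkResp")
            .field("id", &self.id)
            .field("ak", &self.ak)
            .field("sk", &"[redacted]")
            .finish()
    }
}
```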
@@ -47,36 +53,42 @@ impl IamCertAkSkServ { funs, ctx, ) - .await?; + .await?; Ok(id) } + ///never use pub async fn modify_cert_conf(id: &str, modify_req: &IamCertConfAkSkAddOrModifyReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { - RbumCertConfServ::modify_rbum(id, &mut RbumCertConfModifyReq { - name: None, - note: None, - ak_note: None, - ak_rule: None, - sk_note: None, - sk_rule: None, - ext: None, - sk_need: None, - sk_encrypted: None, - repeatable: None, - is_basic: None, - rest_by_kinds: None, - expire_sec: None, - sk_lock_cycle_sec: None, - sk_lock_err_times: None, - sk_lock_duration_sec: None, - coexist_num: None, - conn_uri: None, - status: None, - }, funs, ctx); + RbumCertConfServ::modify_rbum( + id, + &mut RbumCertConfModifyReq { + name: None, + note: None, + ak_note: None, + ak_rule: None, + sk_note: None, + sk_rule: None, + ext: None, + sk_need: None, + sk_encrypted: None, + repeatable: None, + is_basic: None, + rest_by_kinds: None, + expire_sec: None, + sk_lock_cycle_sec: None, + sk_lock_err_times: None, + sk_lock_duration_sec: None, + coexist_num: None, + conn_uri: None, + status: None, + }, + funs, + ctx, + ); Ok(()) } - pub async fn add_cert(add_req: &IamCertAkSkAddReq, app_id: &str, rel_rbum_cert_conf_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { + pub async fn add_cert(add_req: &IamCertAkSkAddReq, rel_rbum_id: &str, rel_rbum_cert_conf_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { let id = RbumCertServ::add_rbum( &mut RbumCertAddReq { ak: add_req.ak.into(), 
@@ -91,13 +103,20 @@ impl IamCertAkSkServ { status: RbumCertStatusKind::Enabled, rel_rbum_cert_conf_id: Some(rel_rbum_cert_conf_id.to_string()), rel_rbum_kind: RbumCertRelKind::Item, - rel_rbum_id: app_id.to_string(), + rel_rbum_id: rel_rbum_id.to_string(), is_outside: false, }, funs, ctx, ) - .await?; + .await?; + IamIdentCacheServ::add_aksk(&add_req.ak, &add_req.sk, rel_rbum_id, funs); Ok(id) } + pub async fn delete_cert(id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { + let resp = RbumCertServ::peek_rbum(id, &RbumCertFilterReq { ..Default::default() }, funs, ctx).await?; + RbumCertServ::delete_rbum(id, funs, ctx).await?; + IamIdentCacheServ::delete_aksk(&resp.ak, funs); + Ok(()) + } } diff --git a/core/iam/src/basic/serv/iam_key_cache_serv.rs b/core/iam/src/basic/serv/iam_key_cache_serv.rs index 9ac730329..94b7ad02d 100644 --- a/core/iam/src/basic/serv/iam_key_cache_serv.rs +++ b/core/iam/src/basic/serv/iam_key_cache_serv.rs @@ -226,6 +226,27 @@ impl IamIdentCacheServ { } Err(funs.err().not_found("iam_cache_context", "get", "not found context", "404-iam-cache-context-not-exist")) } + + pub async fn add_aksk(ak: &str, sk: &str, rel_iam_item_id: &str, funs: &TardisFunsInst) -> TardisResult<()> { + log::trace!("add aksk: ak={},sk={}", ak, sk); + + funs.cache() + .set( + format!("{}{}", funs.conf::().cache_key_aksk_info_, ak).as_str(), + format!("{},{}", sk, rel_iam_item_id,).as_str(), + ) + .await?; + + Ok(()) + } + + pub async fn delete_aksk(ak: &str, funs: &TardisFunsInst) -> TardisResult<()> { + log::trace!("delete aksk: ak={}", ak); + + funs.cache().del(format!("{}{}", funs.conf::().cache_key_aksk_info_, ak).as_str()).await?; + + Ok(()) + } } pub struct IamResCacheServ; diff --git a/core/iam/src/console_interface.rs b/core/iam/src/console_interface.rs index 39d274858..db1bdcda1 100644 --- a/core/iam/src/console_interface.rs +++ b/core/iam/src/console_interface.rs @@ -1 +1,2 @@ +pub mod api; pub mod serv; 
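Review bot: `IamIdentCacheServ::add_aksk` in the iam_key_cache_serv.rs hunk writes the secret key to the log with `log::trace!("add aksk: ak={},sk={}", ak, sk);`, so turning on trace logging copies every issued secret into log storage. Log the access key only: `log::trace!("add aksk: ak={}", ak);`. The cached value is the clear-text string `sk,rel_iam_item_id`, and the `set` call as shown passes no expiry, so a key stays valid in the cache until `delete_aksk` succeeds. That value also does not match the `ak -> (sk,tenant_id,[appid])` layout documented for `cache_key_aksk_info_` in iam_config.rs in this same commit; the comment or the stored format should be corrected.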
diff --git a/core/iam/src/console_interface/api.rs b/core/iam/src/console_interface/api.rs
new file mode 100644
index 000000000..a532ef38f
--- /dev/null
+++ b/core/iam/src/console_interface/api.rs
@@ -0,0 +1 @@
+pub mod iam_ci_cert_api;
diff --git a/core/iam/src/console_interface/api/iam_ci_cert_api.rs b/core/iam/src/console_interface/api/iam_ci_cert_api.rs
new file mode 100644
index 000000000..5fc16f172
--- /dev/null
+++ b/core/iam/src/console_interface/api/iam_ci_cert_api.rs
@@ -0,0 +1,19 @@
+use crate::console_interface::serv::iam_ci_cert_aksk_serv::IamCiCertAkSkServ;
+use crate::iam_constants;
+use tardis::web::context_extractor::TardisContextExtractor;
+use tardis::web::web_resp::{TardisApiResult, TardisResp};
+use crate::basic::dto::iam_cert_dto::IamCertAkSkResp;
+
+pub struct IamCiCertApi;
+
+/// Interface Console Cert API
+#[poem_openapi::OpenApi(prefix_path = "/ci", tag = "bios_basic::ApiTag::Interface")]
+impl IamCiCertApi {
+ /// add aksk cert
+ #[oai(path = "/aksk", method = "put")]
+ async fn aksk(&self, app_id: &str, ctx: TardisContextExtractor) -> TardisApiResult {
+ let funs = iam_constants::get_tardis_inst();
+ let result = IamCiCertAkSkServ::general_cert(app_id, &funs, &ctx.0).await?;
+ TardisResp::ok(result)
+ }
+}
diff --git a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs
index 7046b2ce7..149f2d4fc 100644
--- a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs
+++ b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs
@@ -1,21 +1,22 @@ +use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp}; +use crate::basic::serv::iam_cert_aksk_serv::IamCertAkSkServ; +use crate::basic::serv::iam_cert_serv::IamCertServ; +use crate::basic::serv::iam_tenant_serv::IamTenantServ; +use crate::iam_enumeration::IamCertKernelKind; +use bios_basic::rbum::rbum_enumeration::RbumCertStatusKind; use tardis::basic::dto::TardisContext; use tardis::basic::result::TardisResult; use tardis::{TardisFuns, TardisFunsInst}; -use bios_basic::rbum::dto::rbum_cert_dto::RbumCertAddReq; -use bios_basic::rbum::rbum_enumeration::{RbumCertRelKind, RbumCertStatusKind}; -use bios_basic::rbum::serv::rbum_cert_serv::RbumCertServ; -use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation; -use crate::basic::dto::iam_cert_dto::IamCertAkSkAddReq; -use crate::basic::serv::iam_cert_aksk_serv::IamCertAkSkServ; pub struct IamCiCertAkSkServ; - impl IamCiCertAkSkServ { - pub async fn general_cert(app_id: &str, rel_rbum_cert_conf_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { + pub async fn general_cert(app_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { + let cert_conf_id = IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::AkSk.to_string().as_str(), Some(IamTenantServ::get_id_by_ctx(ctx, funs)?), funs).await?; let ak = TardisFuns::crypto.key.generate_ak()?; let sk = TardisFuns::crypto.key.generate_sk(&ak)?; - let cert_id = IamCertAkSkServ::add_cert(&IamCertAkSkAddReq { ak, sk }, app_id, rel_rbum_cert_conf_id, funs, ctx).await?; + let cert_id = IamCertAkSkServ::add_cert(&IamCertAkSkAddReq { ak: ak.clone(), sk: sk.clone() }, app_id, &cert_conf_id, funs, ctx).await?; + Ok(IamCertAkSkResp { id: cert_id, ak, sk }) } } diff --git a/core/iam/src/iam_config.rs b/core/iam/src/iam_config.rs index 08aca6684..f0cb95e7d 100644 --- a/core/iam/src/iam_config.rs +++ b/core/iam/src/iam_config.rs 
@@ -16,6 +16,8 @@ pub struct IamConfig { pub rbum: RbumConfig, // token -> (token_kind, account_id) pub cache_key_token_info_: String, + // ak -> (sk,tenant_id,[appid]) + pub cache_key_aksk_info_: String, // account_id -> [token, (token_kind, add_time)] pub cache_key_account_rel_: String, // account_id -> { @@ -84,6 +86,7 @@ impl Default for IamConfig { IamConfig { rbum: Default::default(), cache_key_token_info_: "iam:cache:token:info:".to_string(), + cache_key_aksk_info_: "iam:cache:aksk:info:".to_string(), cache_key_account_rel_: "iam:cache:account:rel:".to_string(), cache_key_account_info_: "iam:cache:account:info:".to_string(), cache_key_role_info_: "iam:cache:role:info:".to_string(), From 652ec063136fa9cec2659defd8f0589de5499d11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Fri, 18 Nov 2022 16:57:19 +0800 Subject: [PATCH 04/12] update --- core/iam/src/basic/dto/iam_cert_dto.rs | 4 ++-- .../console_interface/api/iam_ci_cert_api.rs | 18 ++++++++++++++---- .../serv/iam_ci_cert_aksk_serv.rs | 5 +++++ .../api/iam_ct_cert_manage_api.rs | 6 +++--- 4 files changed, 24 insertions(+), 9 deletions(-) diff --git a/core/iam/src/basic/dto/iam_cert_dto.rs b/core/iam/src/basic/dto/iam_cert_dto.rs index 570273a12..9b50e1063 100644 --- a/core/iam/src/basic/dto/iam_cert_dto.rs +++ b/core/iam/src/basic/dto/iam_cert_dto.rs @@ -136,8 +136,8 @@ pub struct IamCertAkSkAddReq { } #[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] -pub struct IamCertAkSkResp{ - pub id:String, +pub struct IamCertAkSkResp { + pub id: String, pub ak: String, pub sk: String, } diff --git a/core/iam/src/console_interface/api/iam_ci_cert_api.rs b/core/iam/src/console_interface/api/iam_ci_cert_api.rs index 5fc16f172..dad7cc544 100644 --- a/core/iam/src/console_interface/api/iam_ci_cert_api.rs +++ b/core/iam/src/console_interface/api/iam_ci_cert_api.rs 
@@ -1,8 +1,11 @@ +use crate::basic::dto::iam_cert_dto::IamCertAkSkResp; use crate::console_interface::serv::iam_ci_cert_aksk_serv::IamCiCertAkSkServ; use crate::iam_constants; use tardis::web::context_extractor::TardisContextExtractor; -use tardis::web::web_resp::{TardisApiResult, TardisResp}; -use crate::basic::dto::iam_cert_dto::IamCertAkSkResp; +use tardis::web::poem_openapi; +use tardis::web::poem_openapi::param::Query; +use tardis::web::poem_openapi::{param::Path, payload::Json, Tags}; +use tardis::web::web_resp::{TardisApiResult, TardisResp, Void}; pub struct IamCiCertApi; @@ -10,10 +13,17 @@ pub struct IamCiCertApi; #[poem_openapi::OpenApi(prefix_path = "/ci", tag = "bios_basic::ApiTag::Interface")] impl IamCiCertApi { /// add aksk cert - #[oai(path = "/aksk", method = "put")] - async fn aksk(&self, app_id: &str, ctx: TardisContextExtractor) -> TardisApiResult { + // #[oai(path = "/aksk", method = "put")] + async fn add_aksk(&self, app_id: &str, ctx: TardisContextExtractor) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); let result = IamCiCertAkSkServ::general_cert(app_id, &funs, &ctx.0).await?; TardisResp::ok(result) } + + // #[oai(path = "/conf/aksk", method = "delete")] + async fn delete_aksk(&self, id: &str, ctx: TardisContextExtractor) -> TardisApiResult { + let funs = iam_constants::get_tardis_inst(); + let result = IamCiCertAkSkServ::delete_cert(id, &funs, &ctx.0).await?; + TardisResp::ok(Void) + } } diff --git a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs index 149f2d4fc..0d9a609a7 100644 --- a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs +++ b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs 
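Review bot: Both route attributes in the second iam_ci_cert_api.rs hunk are left as commented-out code (`// #[oai(path = "/aksk", method = "put")]` and `// #[oai(path = "/conf/aksk", method = "delete")]`), which makes it unclear whether these credential endpoints are meant to be reachable. If they are disabled on purpose, replace the dead attributes with a comment that says so, for example `// TODO: route disabled until access control for AK/SK management is decided`. In `delete_aksk` the binding `let result = …` is never used, and the path `/conf/aksk` names a configuration although the handler deletes a cert.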
@@ -4,6 +4,7 @@ use crate::basic::serv::iam_cert_serv::IamCertServ; use crate::basic::serv::iam_tenant_serv::IamTenantServ; use crate::iam_enumeration::IamCertKernelKind; use bios_basic::rbum::rbum_enumeration::RbumCertStatusKind; +use std::process::id; use tardis::basic::dto::TardisContext; use tardis::basic::result::TardisResult; use tardis::{TardisFuns, TardisFunsInst}; @@ -19,4 +20,8 @@ impl IamCiCertAkSkServ { let cert_id = IamCertAkSkServ::add_cert(&IamCertAkSkAddReq { ak: ak.clone(), sk: sk.clone() }, app_id, &cert_conf_id, funs, ctx).await?; Ok(IamCertAkSkResp { id: cert_id, ak, sk }) } + + pub async fn delete_cert(id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { + IamCertAkSkServ::delete_cert(id, funs, ctx).await + } } diff --git a/core/iam/src/console_tenant/api/iam_ct_cert_manage_api.rs b/core/iam/src/console_tenant/api/iam_ct_cert_manage_api.rs index 14508c25b..0f13e833f 100644 --- a/core/iam/src/console_tenant/api/iam_ct_cert_manage_api.rs +++ b/core/iam/src/console_tenant/api/iam_ct_cert_manage_api.rs @@ -22,7 +22,7 @@ pub struct IamCtCertManageApi; #[poem_openapi::OpenApi(prefix_path = "/ct/cert/manage", tag = "bios_basic::ApiTag::Tenant")] impl IamCtCertManageApi { /// Find Conf - #[oai(path = "/conf", method = "get")] + #[oai(path = "/conf", method = "get", deprecated = "true")] #[deprecated] async fn find_conf(&self, ctx: TardisContextExtractor) -> TardisApiResult> { let funs = iam_constants::get_tardis_inst(); @@ -85,7 +85,7 @@ impl IamCtCertManageApi { } /// get manage cert - #[oai(path = "/v1.0/:id", method = "get")] + #[oai(path = "/v1.0/:id", method = "get", deprecated = "true")] #[deprecated = "remove"] async fn get_manage_cert_deprecated(&self, id: Path, ctx: TardisContextExtractor) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); 
@@ -141,7 +141,7 @@ impl IamCtCertManageApi { } /// Paginate Manage Certs - #[oai(path = "/v1.0", method = "get")] + #[oai(path = "/v1.0", method = "get", deprecated = "true")] #[deprecated = "remove"] async fn paginate_certs_deprecated( &self, From 5258aa1e620a36ca7cc81cc18c2ee8c9c7faa966 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Fri, 18 Nov 2022 17:13:47 +0800 Subject: [PATCH 05/12] 1 --- core/iam/src/basic/serv/iam_cert_aksk_serv.rs | 12 ++++++++---- .../iam/src/console_interface/api/iam_ci_cert_api.rs | 2 +- core/iam/src/iam_constants.rs | 2 ++ 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs index 01833478b..977391aac 100644 --- a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs +++ b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs @@ -5,7 +5,6 @@ use bios_basic::rbum::rbum_enumeration::{RbumCertConfStatusKind, RbumCertRelKind use bios_basic::rbum::serv::rbum_cert_serv::{RbumCertConfServ, RbumCertServ}; use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation; use tardis::basic::field::TrimString; -use tardis::db::sea_orm::sea_query::ColumnSpec::Default; use tardis::{ basic::{dto::TardisContext, result::TardisResult}, TardisFuns, TardisFunsInst, @@ -15,6 +14,7 @@ use crate::basic::dto::iam_cert_conf_dto::{IamCertConfAkSkAddOrModifyReq, IamCer use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertMailVCodeAddReq}; use crate::basic::serv::iam_key_cache_serv::IamIdentCacheServ; use crate::iam_config::IamBasicConfigApi; +use crate::iam_constants::RBUM_SYSTEM_OWNER; use crate::iam_enumeration::IamCertKernelKind; pub struct IamCertAkSkServ; 
@@ -89,10 +89,14 @@ impl IamCertAkSkServ { } pub async fn add_cert(add_req: &IamCertAkSkAddReq, rel_rbum_id: &str, rel_rbum_cert_conf_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { + let new_ctx = TardisContext { + owner: RBUM_SYSTEM_OWNER.to_string(), + ..ctx.clone() + }; let id = RbumCertServ::add_rbum( &mut RbumCertAddReq { - ak: add_req.ak.into(), - sk: Some(add_req.sk.into()), + ak: TrimString(add_req.ak.clone()), + sk: Some(TrimString(add_req.sk.clone())), kind: None, supplier: None, vcode: None, @@ -107,7 +111,7 @@ impl IamCertAkSkServ { is_outside: false, }, funs, - ctx, + &new_ctx, ) .await?; IamIdentCacheServ::add_aksk(&add_req.ak, &add_req.sk, rel_rbum_id, funs); diff --git a/core/iam/src/console_interface/api/iam_ci_cert_api.rs b/core/iam/src/console_interface/api/iam_ci_cert_api.rs index dad7cc544..00a85511b 100644 --- a/core/iam/src/console_interface/api/iam_ci_cert_api.rs +++ b/core/iam/src/console_interface/api/iam_ci_cert_api.rs @@ -24,6 +24,6 @@ impl IamCiCertApi { async fn delete_aksk(&self, id: &str, ctx: TardisContextExtractor) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); let result = IamCiCertAkSkServ::delete_cert(id, &funs, &ctx.0).await?; - TardisResp::ok(Void) + TardisResp::ok(Void{}) } } diff --git a/core/iam/src/iam_constants.rs b/core/iam/src/iam_constants.rs index 3d77f1554..1dd362bef 100644 --- a/core/iam/src/iam_constants.rs +++ b/core/iam/src/iam_constants.rs @@ -16,6 +16,8 @@ pub const RBUM_EXT_TABLE_IAM_ACCOUNT: &str = "iam_account"; pub const RBUM_EXT_TABLE_IAM_ROLE: &str = "iam_role"; pub const RBUM_EXT_TABLE_IAM_RES: &str = "iam_res"; +pub const RBUM_SYSTEM_OWNER: &str = "_system_"; + pub const RBUM_ITEM_NAME_SYS_ADMIN_ACCOUNT: &str = "bios"; pub const RBUM_ITEM_NAME_SYS_ADMIN_ROLE: &str = "sys_admin"; pub const RBUM_ITEM_NAME_TENANT_ADMIN_ROLE: &str = "tenant_admin"; From 9147d7b92668b83afa9477f112d2ba72da31c065 Mon Sep 17 00:00:00 2001 
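Review bot: `add_cert` now replaces the caller's identity with `RBUM_SYSTEM_OWNER` in `new_ctx` before calling `RbumCertServ::add_rbum`, so the stored cert no longer records which account issued the key. For a long-lived credential that attribution is what an investigation needs first; add a comment on `new_ctx` explaining why the override is required and record `ctx.owner` together with the new cert id. `delete_cert` still calls `peek_rbum` and `delete_rbum` with the unmodified `ctx`, so depending on how rbum scopes records by owner the issuing caller may be unable to revoke its own key, which is worth confirming. The body of `add_cert` continues outside these hunks.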
From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Mon, 21 Nov 2022 17:41:01 +0800 Subject: [PATCH 06/12] update --- core/iam/src/basic/serv/iam_cert_aksk_serv.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs index 977391aac..1da38ae6e 100644 --- a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs +++ b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs @@ -114,13 +114,13 @@ impl IamCertAkSkServ { &new_ctx, ) .await?; - IamIdentCacheServ::add_aksk(&add_req.ak, &add_req.sk, rel_rbum_id, funs); + IamIdentCacheServ::add_aksk(&add_req.ak, &add_req.sk, rel_rbum_id, funs).await?; Ok(id) } pub async fn delete_cert(id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { let resp = RbumCertServ::peek_rbum(id, &RbumCertFilterReq { ..Default::default() }, funs, ctx).await?; RbumCertServ::delete_rbum(id, funs, ctx).await?; - IamIdentCacheServ::delete_aksk(&resp.ak, funs); + IamIdentCacheServ::delete_aksk(&resp.ak, funs).await?; Ok(()) } } From 6800db226872f6b4bf6e7bce62498d31761cb8f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Wed, 23 Nov 2022 09:57:38 +0800 Subject: [PATCH 07/12] update --- core/iam/src/basic/dto/iam_cert_dto.rs | 4 +-- core/iam/src/basic/serv/iam_cert_aksk_serv.rs | 29 ++++++++++++------- .../console_interface/api/iam_ci_cert_api.rs | 8 ++--- .../serv/iam_ci_cert_aksk_serv.rs | 4 +-- 4 files changed, 27 insertions(+), 18 deletions(-) diff --git a/core/iam/src/basic/dto/iam_cert_dto.rs b/core/iam/src/basic/dto/iam_cert_dto.rs index 9b50e1063..e3f105b3d 100644 --- a/core/iam/src/basic/dto/iam_cert_dto.rs +++ b/core/iam/src/basic/dto/iam_cert_dto.rs 
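Review bot: In `delete_cert` the database row is removed before the cache entry, so when `IamIdentCacheServ::delete_aksk(&resp.ak, funs).await?` fails the function returns an error while the AK/SK pair is still cached and no row is left to retry from. Anything that authenticates from `cache_key_aksk_info_` would presumably keep accepting the revoked key. Evict first, that is `IamIdentCacheServ::delete_aksk(&resp.ak, funs).await?;` before `RbumCertServ::delete_rbum(id, funs, ctx).await?;`, so that a failure leaves the key revoked rather than live.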
@@ -131,8 +131,8 @@ pub struct IamCertLdapAddOrModifyReq { #[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] pub struct IamCertAkSkAddReq { - pub ak: String, - pub sk: String, + pub tenant_id: String, + pub app_id: Option, } #[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] diff --git a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs index 1da38ae6e..e9d991257 100644 --- a/core/iam/src/basic/serv/iam_cert_aksk_serv.rs +++ b/core/iam/src/basic/serv/iam_cert_aksk_serv.rs @@ -7,11 +7,11 @@ use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation; use tardis::basic::field::TrimString; use tardis::{ basic::{dto::TardisContext, result::TardisResult}, - TardisFuns, TardisFunsInst, + TardisFunsInst, }; -use crate::basic::dto::iam_cert_conf_dto::{IamCertConfAkSkAddOrModifyReq, IamCertConfMailVCodeAddOrModifyReq}; -use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertMailVCodeAddReq}; +use crate::basic::dto::iam_cert_conf_dto::IamCertConfAkSkAddOrModifyReq; +use crate::basic::dto::iam_cert_dto::IamCertAkSkAddReq; use crate::basic::serv::iam_key_cache_serv::IamIdentCacheServ; use crate::iam_config::IamBasicConfigApi; use crate::iam_constants::RBUM_SYSTEM_OWNER; 
@@ -84,19 +84,28 @@ impl IamCertAkSkServ { }, funs, ctx, - ); - Ok(()) + ).await } - pub async fn add_cert(add_req: &IamCertAkSkAddReq, rel_rbum_id: &str, rel_rbum_cert_conf_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { + pub async fn add_cert(add_req: &IamCertAkSkAddReq, ak: &str, sk: &str, rel_rbum_cert_conf_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { let new_ctx = TardisContext { owner: RBUM_SYSTEM_OWNER.to_string(), + own_paths: if add_req.app_id.is_some() { + format!("{}/{}", add_req.tenant_id, add_req.app_id.clone().unwrap()) + } else { + add_req.tenant_id.clone() + }, ..ctx.clone() }; + let rel_rbum_id = if add_req.app_id.is_some() { + add_req.app_id.as_ref().unwrap() + } else { + &add_req.tenant_id + }; let id = RbumCertServ::add_rbum( &mut RbumCertAddReq { - ak: TrimString(add_req.ak.clone()), - sk: Some(TrimString(add_req.sk.clone())), + ak: ak.into(), + sk: Some(sk.into()), kind: None, supplier: None, vcode: None, @@ -107,14 +116,14 @@ impl IamCertAkSkServ { status: RbumCertStatusKind::Enabled, rel_rbum_cert_conf_id: Some(rel_rbum_cert_conf_id.to_string()), rel_rbum_kind: RbumCertRelKind::Item, - rel_rbum_id: rel_rbum_id.to_string(), + rel_rbum_id: rel_rbum_id.clone(), is_outside: false, }, funs, &new_ctx, ) .await?; - IamIdentCacheServ::add_aksk(&add_req.ak, &add_req.sk, rel_rbum_id, funs).await?; + IamIdentCacheServ::add_aksk(ak, sk, rel_rbum_id, funs).await?; Ok(id) } pub async fn delete_cert(id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { diff --git a/core/iam/src/console_interface/api/iam_ci_cert_api.rs b/core/iam/src/console_interface/api/iam_ci_cert_api.rs index 00a85511b..c559ceb76 100644 --- a/core/iam/src/console_interface/api/iam_ci_cert_api.rs +++ b/core/iam/src/console_interface/api/iam_ci_cert_api.rs 
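Review bot: `add_cert` builds the `own_paths` of a `_system_`-owned context directly from `add_req.tenant_id` and `add_req.app_id`, which arrive in the request body, and nothing in the hunk checks them against the caller's `ctx`. As written the caller chooses which tenant or app the new key belongs to, and a value containing `/` would change the depth of `own_paths`. Derive the scope from `ctx.own_paths`, or verify that the ids exist and that the caller may act for them before building `new_ctx`; at minimum give both DTO fields length validators like the `#[oai(validator(...))]` already used in iam_cert_dto.rs. The `is_some()`/`unwrap()` pairs would read more safely as `match &add_req.app_id { Some(app_id) => …, None => … }`.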
@@ -1,4 +1,4 @@ -use crate::basic::dto::iam_cert_dto::IamCertAkSkResp; +use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp}; use crate::console_interface::serv::iam_ci_cert_aksk_serv::IamCiCertAkSkServ; use crate::iam_constants; use tardis::web::context_extractor::TardisContextExtractor; @@ -14,9 +14,9 @@ pub struct IamCiCertApi; impl IamCiCertApi { /// add aksk cert // #[oai(path = "/aksk", method = "put")] - async fn add_aksk(&self, app_id: &str, ctx: TardisContextExtractor) -> TardisApiResult { + async fn add_aksk(&self, add_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); - let result = IamCiCertAkSkServ::general_cert(app_id, &funs, &ctx.0).await?; + let result = IamCiCertAkSkServ::general_cert(add_req.0, &funs, &ctx.0).await?; TardisResp::ok(result) } @@ -24,6 +24,6 @@ impl IamCiCertApi { async fn delete_aksk(&self, id: &str, ctx: TardisContextExtractor) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); let result = IamCiCertAkSkServ::delete_cert(id, &funs, &ctx.0).await?; - TardisResp::ok(Void{}) + TardisResp::ok(Void {}) } } diff --git a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs index 0d9a609a7..bae85e2c7 100644 --- a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs +++ b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs 
@@ -12,12 +12,12 @@ use tardis::{TardisFuns, TardisFunsInst}; pub struct IamCiCertAkSkServ; impl IamCiCertAkSkServ { - pub async fn general_cert(app_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { + pub async fn general_cert(add_req: IamCertAkSkAddReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { let cert_conf_id = IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::AkSk.to_string().as_str(), Some(IamTenantServ::get_id_by_ctx(ctx, funs)?), funs).await?; let ak = TardisFuns::crypto.key.generate_ak()?; let sk = TardisFuns::crypto.key.generate_sk(&ak)?; - let cert_id = IamCertAkSkServ::add_cert(&IamCertAkSkAddReq { ak: ak.clone(), sk: sk.clone() }, app_id, &cert_conf_id, funs, ctx).await?; + let cert_id = IamCertAkSkServ::add_cert(&add_req, &ak, &sk, &cert_conf_id, funs, ctx).await?; Ok(IamCertAkSkResp { id: cert_id, ak, sk }) } From 038894a097529658251225e880bf3a023952b00e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Thu, 1 Dec 2022 16:31:40 +0800 Subject: [PATCH 08/12] update --- core/iam/src/basic/serv/iam_cert_serv.rs | 18 ++---------------- .../console_interface/api/iam_ci_cert_api.rs | 10 +++++----- .../serv/iam_ci_cert_aksk_serv.rs | 2 -- 3 files changed, 7 insertions(+), 23 deletions(-) diff --git a/core/iam/src/basic/serv/iam_cert_serv.rs b/core/iam/src/basic/serv/iam_cert_serv.rs index 33632bf6c..64be90ebf 100644 --- a/core/iam/src/basic/serv/iam_cert_serv.rs +++ b/core/iam/src/basic/serv/iam_cert_serv.rs 
@@ -719,14 +719,7 @@ impl IamCertServ { } pub async fn get_cert_conf_id_and_ext_opt_by_kind(code: &str, rel_iam_item_id: Option, funs: &TardisFunsInst) -> TardisResult> { - RbumCertConfServ::get_rbum_cert_conf_id_and_ext_by_kind_supplier( - code, - "", - &funs.iam_basic_domain_iam_id(), - rel_iam_item_id.unwrap_or_default().as_str(), - funs, - ) - .await + RbumCertConfServ::get_rbum_cert_conf_id_and_ext_by_kind_supplier(code, "", &funs.iam_basic_domain_iam_id(), rel_iam_item_id.unwrap_or_default().as_str(), funs).await } pub async fn get_cert_conf_id_and_ext_opt_by_kind_supplier( @@ -735,14 +728,7 @@ impl IamCertServ { rel_iam_item_id: Option, funs: &TardisFunsInst, ) -> TardisResult> { - RbumCertConfServ::get_rbum_cert_conf_id_and_ext_by_kind_supplier( - kind, - supplier, - &funs.iam_basic_domain_iam_id(), - rel_iam_item_id.unwrap_or_default().as_str(), - funs, - ) - .await + RbumCertConfServ::get_rbum_cert_conf_id_and_ext_by_kind_supplier(kind, supplier, &funs.iam_basic_domain_iam_id(), rel_iam_item_id.unwrap_or_default().as_str(), funs).await } pub async fn package_tardis_context_and_resp( diff --git a/core/iam/src/console_interface/api/iam_ci_cert_api.rs b/core/iam/src/console_interface/api/iam_ci_cert_api.rs index c559ceb76..33a980d5e 100644 --- a/core/iam/src/console_interface/api/iam_ci_cert_api.rs +++ b/core/iam/src/console_interface/api/iam_ci_cert_api.rs @@ -4,7 +4,7 @@ use crate::iam_constants; use tardis::web::context_extractor::TardisContextExtractor; use tardis::web::poem_openapi; use tardis::web::poem_openapi::param::Query; -use tardis::web::poem_openapi::{param::Path, payload::Json, Tags}; +use tardis::web::poem_openapi::payload::Json; use tardis::web::web_resp::{TardisApiResult, TardisResp, Void}; pub struct IamCiCertApi; 
@@ -13,17 +13,17 @@ pub struct IamCiCertApi; #[poem_openapi::OpenApi(prefix_path = "/ci", tag = "bios_basic::ApiTag::Interface")] impl IamCiCertApi { /// add aksk cert - // #[oai(path = "/aksk", method = "put")] + #[oai(path = "/aksk", method = "put")] async fn add_aksk(&self, add_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); let result = IamCiCertAkSkServ::general_cert(add_req.0, &funs, &ctx.0).await?; TardisResp::ok(result) } - // #[oai(path = "/conf/aksk", method = "delete")] - async fn delete_aksk(&self, id: &str, ctx: TardisContextExtractor) -> TardisApiResult { + #[oai(path = "/conf/aksk", method = "delete")] + async fn delete_aksk(&self, id: Query, ctx: TardisContextExtractor) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); - let result = IamCiCertAkSkServ::delete_cert(id, &funs, &ctx.0).await?; + IamCiCertAkSkServ::delete_cert(&id.0, &funs, &ctx.0).await?; TardisResp::ok(Void {}) } } diff --git a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs index 80242bbc8..adab20d6f 100644 --- a/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs +++ b/core/iam/src/console_interface/serv/iam_ci_cert_aksk_serv.rs @@ -3,8 +3,6 @@ use crate::basic::serv::iam_cert_aksk_serv::IamCertAkSkServ; use crate::basic::serv::iam_cert_serv::IamCertServ; use crate::basic::serv::iam_tenant_serv::IamTenantServ; use crate::iam_enumeration::IamCertKernelKind; -use bios_basic::rbum::rbum_enumeration::RbumCertStatusKind; -use std::process::id; use tardis::basic::dto::TardisContext; use tardis::basic::result::TardisResult; use tardis::{TardisFuns, TardisFunsInst}; From 8d04bb3dd7544f1cd8e7ed087107172eeb8405e4 Mon Sep 17 00:00:00 2001 
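Review bot: `delete_aksk` is exposed at `/conf/aksk` although it calls `IamCiCertAkSkServ::delete_cert` and removes a single cert rather than a cert conf, and unlike `add_aksk` it carries no doc comment. Consider `#[oai(path = "/aksk", method = "delete")]` with `/// delete aksk cert by id` above it so the two routes read consistently. Whether `delete_cert` limits `id` to certs owned by the caller's context is not visible in this hunk and is worth confirming now that the route is live.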
From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Tue, 6 Dec 2022 11:01:45 +0800 Subject: [PATCH 09/12] update --- .../src/console_interface/api/iam_ci_cert_api.rs | 9 +++++++++ core/iam/src/console_interface/serv.rs | 1 + .../serv/iam_ci_oauth2_token_serv.rs | 11 +++++++++++ core/iam/src/iam_enumeration.rs | 13 +++++++++++++ 4 files changed, 34 insertions(+) create mode 100644 core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs diff --git a/core/iam/src/console_interface/api/iam_ci_cert_api.rs b/core/iam/src/console_interface/api/iam_ci_cert_api.rs index 33a980d5e..9ff778730 100644 --- a/core/iam/src/console_interface/api/iam_ci_cert_api.rs +++ b/core/iam/src/console_interface/api/iam_ci_cert_api.rs @@ -1,6 +1,8 @@ use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp}; use crate::console_interface::serv::iam_ci_cert_aksk_serv::IamCiCertAkSkServ; +use crate::console_interface::serv::iam_ci_oauth2_token_serv::IamCiOauth2AkSkServ; use crate::iam_constants; +use crate::iam_enumeration::Oauth2GrantType; use tardis::web::context_extractor::TardisContextExtractor; use tardis::web::poem_openapi; use tardis::web::poem_openapi::param::Query; @@ -26,4 +28,11 @@ impl IamCiCertApi { IamCiCertAkSkServ::delete_cert(&id.0, &funs, &ctx.0).await?; TardisResp::ok(Void {}) } + + #[oai(path = "/token", method = "get")] + async fn get_token(&self, grant_type: Query, client_id: Query, client_secret: Query, scope: Query) -> TardisApiResult { + let grant_type = Oauth2GrantType::parse(&grant_type.0)?; + IamCiOauth2AkSkServ::generate_token(grant_type, client_id.0, client_secret.0).await?; + TardisResp::ok(Void {}) + } } diff --git a/core/iam/src/console_interface/serv.rs b/core/iam/src/console_interface/serv.rs index 8abdfcfe2..42b4f974d 100644 --- a/core/iam/src/console_interface/serv.rs +++ b/core/iam/src/console_interface/serv.rs @@ -1 +1,2 @@ pub mod iam_ci_cert_aksk_serv; +pub mod iam_ci_oauth2_token_serv; 
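Review bot: `get_token` takes `client_secret` as a `Query` parameter on a `GET` route, which puts the secret key into the request URL, where access logs, proxies and caches commonly record it. RFC 6749 requires token requests to use POST and forbids client credentials in the request URI; read them from the request body or the `Authorization` header instead, starting with `#[oai(path = "/token", method = "post")]`. The same signature is carried over by the later `@@ -30,9 +30,16` hunk of this file. `scope` is accepted here but never used.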
diff --git a/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs b/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs new file mode 100644 index 000000000..01df980c5 --- /dev/null +++ b/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs @@ -0,0 +1,11 @@ +use tardis::basic::result::TardisResult; +use crate::iam_enumeration::Oauth2GrantType; + +pub struct IamCiOauth2AkSkServ; + +impl IamCiOauth2AkSkServ { + pub async fn generate_token(grant_type: Oauth2GrantType, client_id: String, client_secret: String) ->TardisResult<()>{ + //todo + Ok(()) + } +} \ No newline at end of file diff --git a/core/iam/src/iam_enumeration.rs b/core/iam/src/iam_enumeration.rs index 404119a5c..bcfb54a5f 100644 --- a/core/iam/src/iam_enumeration.rs +++ b/core/iam/src/iam_enumeration.rs @@ -146,3 +146,16 @@ pub enum IamSetCateKind { Tenant, App, } + +#[derive(Display, Clone, Debug, PartialEq, Eq, Deserialize, Serialize, poem_openapi::Enum, sea_orm::strum::EnumString)] +pub enum Oauth2GrantType { + AuthorizationCode, + Password, + ClientCredentials, +} + +impl Oauth2GrantType { + pub fn parse(kind: &str) -> TardisResult { + Oauth2GrantType::from_str(kind).map_err(|_| TardisError::format_error(&format!("not support OAuth2 kind: {}", kind), "404-iam-cert-oauth-kind-not-exist")) + } +} From b5d358aea84db82cd363cd71a4373a64076c26cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Mon, 12 Dec 2022 14:21:40 +0800 Subject: [PATCH 10/12] 1 --- core/iam/src/basic/dto/iam_cert_dto.rs | 9 +++++ core/iam/src/basic/serv/iam_res_serv.rs | 2 +- core/iam/src/console_common/api.rs | 2 +- .../console_interface/api/iam_ci_cert_api.rs | 15 +++++-- .../serv/iam_ci_oauth2_token_serv.rs | 40 ++++++++++++++++--- core/iam/src/iam_config.rs | 1 + core/iam/src/iam_enumeration.rs | 3 +- core/iam/src/iam_initializer.rs | 4 +- 8 files changed, 61 insertions(+), 15 deletions(-) 
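Review bot: `Oauth2GrantType::parse` relies on the derived `EnumString`, which by default matches the variant names, so a request has to send `ClientCredentials` rather than the `client_credentials` value that OAuth2 clients use. If standard clients are expected, add `#[strum(serialize_all = "snake_case")]` to the enum (assuming the re-exported strum derive honours it here) and add a doc comment on `parse` listing the accepted strings. The error code `404-iam-cert-oauth-kind-not-exist` is attached to a `format_error`; an unsupported grant type reads more naturally as a bad-request code than as a missing resource.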
diff --git a/core/iam/src/basic/dto/iam_cert_dto.rs b/core/iam/src/basic/dto/iam_cert_dto.rs index 5f2453430..6dd9ea572 100644 --- a/core/iam/src/basic/dto/iam_cert_dto.rs +++ b/core/iam/src/basic/dto/iam_cert_dto.rs @@ -151,3 +151,12 @@ pub struct IamCertAkSkResp { pub ak: String, pub sk: String, } + +#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] +pub struct IamOauth2AkSkResp { + pub access_token: String, + pub token_type: String, + pub expires_in: String, + pub refresh_token: String, + pub scope: String, +} diff --git a/core/iam/src/basic/serv/iam_res_serv.rs b/core/iam/src/basic/serv/iam_res_serv.rs index ba60f33cd..f60326643 100644 --- a/core/iam/src/basic/serv/iam_res_serv.rs +++ b/core/iam/src/basic/serv/iam_res_serv.rs @@ -23,7 +23,7 @@ use bios_basic::rbum::serv::rbum_item_serv::RbumItemCrudOperation; use crate::basic::domain::iam_res; use crate::basic::dto::iam_filer_dto::IamResFilterReq; -use crate::basic::dto::iam_res_dto::{IamResAddReq, IamResAggAddReq, IamResDetailResp, IamResModifyReq, IamResSummaryResp, MenuItem, JsonMenu}; +use crate::basic::dto::iam_res_dto::{IamResAddReq, IamResAggAddReq, IamResDetailResp, IamResModifyReq, IamResSummaryResp, JsonMenu, MenuItem}; use crate::basic::dto::iam_set_dto::{IamSetItemAddReq, IamSetItemAggAddReq}; use crate::basic::serv::iam_key_cache_serv::IamResCacheServ; use crate::basic::serv::iam_rel_serv::IamRelServ; diff --git a/core/iam/src/console_common/api.rs b/core/iam/src/console_common/api.rs index cf77db8f4..4b892a8ff 100644 --- a/core/iam/src/console_common/api.rs +++ b/core/iam/src/console_common/api.rs @@ -1,7 +1,7 @@ pub mod iam_cc_account_api; +pub mod iam_cc_cert_api; pub mod iam_cc_org_api; pub mod iam_cc_res_api; pub mod iam_cc_role_api; pub mod iam_cc_system_api; pub mod iam_cc_tenant_api; -pub mod iam_cc_cert_api; diff --git a/core/iam/src/console_interface/api/iam_ci_cert_api.rs b/core/iam/src/console_interface/api/iam_ci_cert_api.rs index 9ff778730..4dbb2289c 100644 
--- a/core/iam/src/console_interface/api/iam_ci_cert_api.rs +++ b/core/iam/src/console_interface/api/iam_ci_cert_api.rs @@ -1,4 +1,4 @@ -use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp}; +use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp, IamOauth2AkSkResp}; use crate::console_interface::serv::iam_ci_cert_aksk_serv::IamCiCertAkSkServ; use crate::console_interface::serv::iam_ci_oauth2_token_serv::IamCiOauth2AkSkServ; use crate::iam_constants; @@ -30,9 +30,16 @@ impl IamCiCertApi { } #[oai(path = "/token", method = "get")] - async fn get_token(&self, grant_type: Query, client_id: Query, client_secret: Query, scope: Query) -> TardisApiResult { + async fn get_token( + &self, + grant_type: Query, + client_id: Query, + client_secret: Query, + scope: Query>, + ) -> TardisApiResult { let grant_type = Oauth2GrantType::parse(&grant_type.0)?; - IamCiOauth2AkSkServ::generate_token(grant_type, client_id.0, client_secret.0).await?; - TardisResp::ok(Void {}) + let funs = iam_constants::get_tardis_inst(); + let resp = IamCiOauth2AkSkServ::generate_token(grant_type, &client_id.0, &client_secret.0, scope.0, funs).await?; + TardisResp::ok(resp) } } diff --git a/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs b/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs index 01df980c5..e1007e9f9 100644 --- a/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs +++ b/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs 
@@ -1,11 +1,41 @@ +use std::clone; +use crate::basic::dto::iam_cert_dto::IamOauth2AkSkResp; +use crate::basic::serv::iam_cert_serv::IamCertServ; +use crate::iam_enumeration::{IamCertKernelKind, IamCertTokenKind, Oauth2GrantType}; +use bios_basic::rbum::rbum_enumeration::RbumCertRelKind; +use bios_basic::rbum::serv::rbum_cert_serv::RbumCertServ; use tardis::basic::result::TardisResult; -use crate::iam_enumeration::Oauth2GrantType; +use tardis::{TardisFuns, TardisFunsInst}; +use crate::basic::serv::iam_key_cache_serv::IamIdentCacheServ; pub struct IamCiOauth2AkSkServ; impl IamCiOauth2AkSkServ { - pub async fn generate_token(grant_type: Oauth2GrantType, client_id: String, client_secret: String) ->TardisResult<()>{ - //todo - Ok(()) + pub async fn generate_token(grant_type: Oauth2GrantType, client_id: &str, client_secret: &str, scope: Option, funs: TardisFunsInst) -> TardisResult { + match grant_type { + Oauth2GrantType::AuthorizationCode => {} + Oauth2GrantType::Password => {} + Oauth2GrantType::ClientCredentials => RbumCertServ::validate_by_ak_and_basic_sk( + client_id, + client_secret, + &RbumCertRelKind::Item, + false, + "", + vec![&IamCertKernelKind::AkSk.to_string()], + &funs, + ), + } + + let access_token = TardisFuns::crypto.key.generate_token()?; + let refresh_token = TardisFuns::crypto.key.generate_token()?; + let expire_sec=30*24*60*60; + IamIdentCacheServ::add_token(&access_token.clone(), &IamCertTokenKind::TokenOauth2, rel_rbum_id, ,funs).await?; + Ok(IamOauth2AkSkResp { + access_token, + token_type: "".to_string(), + expires_in: "".to_string(), + refresh_token, + scope: "".to_string(), + }) } -} \ No newline at end of file +} diff --git a/core/iam/src/iam_config.rs b/core/iam/src/iam_config.rs index f84f793dc..83005e1c6 100644 --- a/core/iam/src/iam_config.rs +++ b/core/iam/src/iam_config.rs 
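Review bot: In `generate_token` the `ClientCredentials` arm only constructs the `validate_by_ak_and_basic_sk` future; it is never awaited and its result is never checked, and the `AuthorizationCode` and `Password` arms are empty, so no path verifies `client_secret` before the tokens are generated. The `add_token` call also refers to `rel_rbum_id`, which is not defined in this function, and has an empty argument (`rel_rbum_id, ,funs`), so the hunk does not look compilable as written. Await the validation with `?`, bind the item id it returns, and return an error from the arms that are not implemented.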
@@ -15,6 +15,7 @@ use bios_basic::rbum::rbum_config::RbumConfig; pub struct IamConfig { pub rbum: RbumConfig, // token -> (token_kind, account_id) + // accessToken(token_kind = TokenOauth2) -> (token_kind, rel_iam_item_id, ak, SetCateIds) pub cache_key_token_info_: String, // ak -> (sk,tenant_id,[appid]) pub cache_key_aksk_info_: String, diff --git a/core/iam/src/iam_enumeration.rs b/core/iam/src/iam_enumeration.rs index 7768d8d35..623ab38f2 100644 --- a/core/iam/src/iam_enumeration.rs +++ b/core/iam/src/iam_enumeration.rs @@ -77,6 +77,7 @@ pub enum IamCertTokenKind { TokenPc, TokenPhone, TokenPad, + TokenOauth2, } impl IamCertTokenKind { @@ -165,5 +166,3 @@ impl Oauth2GrantType { Oauth2GrantType::from_str(kind).map_err(|_| TardisError::format_error(&format!("not support OAuth2 kind: {}", kind), "404-iam-cert-oauth-kind-not-exist")) } } - - diff --git a/core/iam/src/iam_initializer.rs b/core/iam/src/iam_initializer.rs index a8cf13b28..b39ff2eb9 100644 --- a/core/iam/src/iam_initializer.rs +++ b/core/iam/src/iam_initializer.rs @@ -6,7 +6,7 @@ use tardis::basic::field::TrimString; use tardis::basic::result::TardisResult; use tardis::db::reldb_client::TardisActiveModel; use tardis::db::sea_orm::sea_query::Table; -use tardis::log::{info}; +use tardis::log::info; use tardis::web::web_server::TardisWebServer; use tardis::{TardisFuns, TardisFunsInst}; 
@@ -234,7 +234,7 @@ pub async fn init_rbum_data(funs: &TardisFunsInst) -> TardisResult<(String, Stri let (set_menu_ct_id, set_api_ct_id) = add_res(&set_res_id, &cate_menu_id, &cate_api_id, "ct", "Tenant Console", funs, &ctx).await?; let (set_menu_ca_id, set_api_ca_id) = add_res(&set_res_id, &cate_menu_id, &cate_api_id, "ca", "App Console", funs, &ctx).await?; - init_menu_by_file(&set_res_id, &cate_menu_id, &funs.conf::().init_menu_json_path,funs, &ctx).await?; + init_menu_by_file(&set_res_id, &cate_menu_id, &funs.conf::().init_menu_json_path, funs, &ctx).await?; // init_menu(&set_res_id, &cate_menu_id, funs, &ctx).await?; // Init kernel certs From f1425ad0cbb89dc80efae8cdfbab54ca20bc7b9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=95=E4=B9=90=E5=A4=A9?= <869759838@qq.com> Date: Wed, 14 Dec 2022 09:10:50 +0800 Subject: [PATCH 11/12] 1 --- basic/src/rbum/serv/rbum_cert_serv.rs | 12 ++++--- core/iam/src/basic/serv/iam_cert_ldap_serv.rs | 6 ++-- .../serv/iam_ci_oauth2_token_serv.rs | 32 +++++++++---------- 3 files changed, 26 insertions(+), 24 deletions(-) diff --git a/basic/src/rbum/serv/rbum_cert_serv.rs b/basic/src/rbum/serv/rbum_cert_serv.rs index 5f19ad4a1..80549d08a 100644 --- a/basic/src/rbum/serv/rbum_cert_serv.rs +++ b/basic/src/rbum/serv/rbum_cert_serv.rs @@ -809,7 +809,7 @@ impl RbumCertServ { input_sk: &str, rel_rbum_kind: &RbumCertRelKind, ignore_end_time: bool, - own_paths: &str, + own_paths: Option, allowed_kinds: Vec<&str>, funs: &TardisFunsInst, ) -> TardisResult<(String, RbumCertRelKind, String)> { 
@@ -841,11 +841,13 @@ impl RbumCertServ { .from(rbum_cert::Entity) .and_where(Expr::col(rbum_cert::Column::Ak).eq(ak)) .and_where(Expr::col(rbum_cert::Column::RelRbumKind).eq(rel_rbum_kind.to_int())) - .and_where(Expr::col(rbum_cert::Column::OwnPaths).eq(own_paths)) .and_where(Expr::col(rbum_cert::Column::Status).eq(RbumCertStatusKind::Enabled.to_int())) .and_where(Expr::col(rbum_cert::Column::StartTime).lte(Utc::now().naive_utc())) //basic sk must have cert conf .and_where(Expr::col(rbum_cert::Column::RelRbumCertConfId).ne("")); + if let Some(own_paths) = own_paths.clone() { + query.and_where(Expr::col(rbum_cert::Column::OwnPaths).eq(own_paths)); + } let rbum_cert = funs.db().get_dto::(&query).await?; if let Some(rbum_cert) = rbum_cert { if funs.cache().exists(&format!("{}{}", funs.rbum_conf_cache_key_cert_locked_(), rbum_cert.rel_rbum_id)).await? { @@ -890,7 +892,7 @@ impl RbumCertServ { .await?) } else { log::warn!( - "validation error [sk is not match] by ak {},rel_rbum_cert_conf_id {}, own_paths {}", + "validation error [sk is not match] by ak {},rel_rbum_cert_conf_id {}, own_paths {:?}", ak, rbum_cert_conf_id, own_paths @@ -906,11 +908,11 @@ impl RbumCertServ { Err(funs.err().unauthorized(&Self::get_obj_name(), "valid", "validation error", "401-rbum-cert-valid-error")) } } else { - log::warn!("validation error by ak {},rbum_cert_conf_id is None, own_paths {}", ak, own_paths); + log::warn!("validation error by ak {},rbum_cert_conf_id is None, own_paths {:?}", ak, own_paths); Err(funs.err().unauthorized(&Self::get_obj_name(), "valid", "validation error", "401-rbum-cert-valid-error")) } } else { - log::warn!("validation error by ak {},rel_rbum_kind {}, own_paths {}", ak, rel_rbum_kind, own_paths); + log::warn!("validation error by ak {},rel_rbum_kind {}, own_paths {:?}", ak, rel_rbum_kind, own_paths); Err(funs.err().unauthorized(&Self::get_obj_name(), "valid", "validation error", "401-rbum-cert-valid-error")) } } 
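Review bot: With `own_paths: Option<String>`, `None` now drops the `OwnPaths` filter entirely while `Some("".to_string())` keeps the previous global-scope match, and that difference decides whether the credential lookup is tenant-scoped at all. The two are easy to confuse at call sites, so document it on the parameter, for example `/// own_paths: Some("") matches global certs only, Some(path) that tenant/app, None any scope (only for globally unique ak)`. The `.clone()` in `if let Some(own_paths) = own_paths.clone()` can be avoided by borrowing, `if let Some(own_paths) = &own_paths`, since the value is still needed for the log lines below. The function starts before this hunk and continues past it.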
diff --git a/core/iam/src/basic/serv/iam_cert_ldap_serv.rs b/core/iam/src/basic/serv/iam_cert_ldap_serv.rs index 4553dac87..7615ecc6a 100644 --- a/core/iam/src/basic/serv/iam_cert_ldap_serv.rs +++ b/core/iam/src/basic/serv/iam_cert_ldap_serv.rs @@ -483,14 +483,14 @@ impl IamCertLdapServ { //验证用户名密码登录 let (_, _, rbum_item_id) = if let Some(tenant_id) = tenant_id.clone() { let global_check = - RbumCertServ::validate_by_ak_and_basic_sk(user_name, password, &RbumCertRelKind::Item, false, "", vec![&IamCertKernelKind::UserPwd.to_string()], funs).await; + RbumCertServ::validate_by_ak_and_basic_sk(user_name, password, &RbumCertRelKind::Item, false, Some("".to_string()), vec![&IamCertKernelKind::UserPwd.to_string()], funs).await; if global_check.is_err() { let tenant_check = RbumCertServ::validate_by_ak_and_basic_sk( user_name, password, &RbumCertRelKind::Item, false, - &tenant_id, + Some(tenant_id.clone()), vec![&IamCertKernelKind::UserPwd.to_string()], funs, ) @@ -504,7 +504,7 @@ impl IamCertLdapServ { global_check? } } else { - RbumCertServ::validate_by_ak_and_basic_sk(user_name, password, &RbumCertRelKind::Item, false, "", vec![&IamCertKernelKind::UserPwd.to_string()], funs).await? + RbumCertServ::validate_by_ak_and_basic_sk(user_name, password, &RbumCertRelKind::Item, false, Some("".to_string()), vec![&IamCertKernelKind::UserPwd.to_string()], funs).await? }; if let true = Self::check_user_pwd_is_bind(user_name, code, tenant_id.clone(), funs).await? { return Err(funs.err().not_found("rbum_cert", "bind_user_pwd_by_ldap", "user is bound by ldap", "409-iam-user-is-bound")); diff --git a/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs b/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs index e1007e9f9..274f01904 100644 --- a/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs +++ b/core/iam/src/console_interface/serv/iam_ci_oauth2_token_serv.rs 
@@ -1,39 +1,39 @@ -use std::clone; use crate::basic::dto::iam_cert_dto::IamOauth2AkSkResp; -use crate::basic::serv::iam_cert_serv::IamCertServ; +use crate::basic::serv::iam_key_cache_serv::IamIdentCacheServ; use crate::iam_enumeration::{IamCertKernelKind, IamCertTokenKind, Oauth2GrantType}; use bios_basic::rbum::rbum_enumeration::RbumCertRelKind; use bios_basic::rbum::serv::rbum_cert_serv::RbumCertServ; use tardis::basic::result::TardisResult; use tardis::{TardisFuns, TardisFunsInst}; -use crate::basic::serv::iam_key_cache_serv::IamIdentCacheServ; pub struct IamCiOauth2AkSkServ; impl IamCiOauth2AkSkServ { pub async fn generate_token(grant_type: Oauth2GrantType, client_id: &str, client_secret: &str, scope: Option, funs: TardisFunsInst) -> TardisResult { + let (_, _, rel_iam_item_id) = RbumCertServ::validate_by_ak_and_basic_sk( + client_id, + client_secret, + &RbumCertRelKind::Item, + false, + None, + vec![&IamCertKernelKind::AkSk.to_string()], + &funs, + ) + .await?; match grant_type { Oauth2GrantType::AuthorizationCode => {} Oauth2GrantType::Password => {} - Oauth2GrantType::ClientCredentials => RbumCertServ::validate_by_ak_and_basic_sk( - client_id, - client_secret, - &RbumCertRelKind::Item, - false, - "", - vec![&IamCertKernelKind::AkSk.to_string()], - &funs, - ), + Oauth2GrantType::ClientCredentials => {} } let access_token = TardisFuns::crypto.key.generate_token()?; let refresh_token = TardisFuns::crypto.key.generate_token()?; - let expire_sec=30*24*60*60; - IamIdentCacheServ::add_token(&access_token.clone(), &IamCertTokenKind::TokenOauth2, rel_rbum_id, ,funs).await?; + let expire_sec = 30 * 24 * 60 * 60; + IamIdentCacheServ::add_token(&access_token.clone(), &IamCertTokenKind::TokenOauth2, &rel_iam_item_id, expire_sec, 1, &funs).await?; Ok(IamOauth2AkSkResp { access_token, - token_type: "".to_string(), - expires_in: "".to_string(), + token_type: "Bearer".to_string(), + expires_in: expire_sec.to_string(), refresh_token, scope: "".to_string(), }) 
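Review bot: Every `Oauth2GrantType` reaches token issuance once the ak/sk pair validates, because the `AuthorizationCode` and `Password` arms of the `match` are empty; a request naming those grants is answered with a client-credentials token. Return an error from the arms that are not implemented rather than falling through. `refresh_token` is generated and returned, but only `access_token` is passed to `IamIdentCacheServ::add_token`, so the refresh token cannot be redeemed later; either store it or leave it out of the response until refresh is supported. `scope` is ignored and returned empty, and the `1` passed to `add_token` together with the 30-day `expire_sec` would benefit from named constants with a short comment.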
From db9d9c8e2818f5971c24209706a7380573384357 Mon Sep 17 00:00:00 2001 From: RWDai <869759838@qq.com> Date: Wed, 14 Dec 2022 14:15:29 +0800 Subject: [PATCH 12/12] 1 --- .../console_passport/serv/iam_cp_cert_user_pwd_serv.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/core/iam/src/console_passport/serv/iam_cp_cert_user_pwd_serv.rs b/core/iam/src/console_passport/serv/iam_cp_cert_user_pwd_serv.rs index 506b8f8e7..39f048709 100644 --- a/core/iam/src/console_passport/serv/iam_cp_cert_user_pwd_serv.rs +++ b/core/iam/src/console_passport/serv/iam_cp_cert_user_pwd_serv.rs @@ -48,7 +48,7 @@ impl IamCpCertUserPwdServ { pub async fn new_user_name(req: &IamCertUserNameNewReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { let tenant_id = if IamAccountServ::is_global_account(ctx.owner.as_ref(), funs, ctx).await? { - None + Some("".to_string()) } else { Some(ctx.own_paths.clone()) }; @@ -59,7 +59,7 @@ impl IamCpCertUserPwdServ { &req.sk.0, &RbumCertRelKind::Item, false, - &tenant_id.unwrap_or_default(), + tenant_id, vec![ &IamCertKernelKind::UserPwd.to_string(), &IamCertKernelKind::MailVCode.to_string(), @@ -100,7 +100,7 @@ impl IamCpCertUserPwdServ { &login_req.sk.0, &RbumCertRelKind::Item, false, - &tenant_id, + Some(tenant_id), vec![ &IamCertKernelKind::UserPwd.to_string(), &IamCertKernelKind::MailVCode.to_string(), @@ -123,7 +123,7 @@ impl IamCpCertUserPwdServ { &login_req.sk.0, &RbumCertRelKind::Item, false, - "", + Some("".to_string()), vec![ &IamCertKernelKind::UserPwd.to_string(), &IamCertKernelKind::MailVCode.to_string(),