同步操作将从 Choerodon/iam-service 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
This service includes management functions of user, role, permission, organization, project, password policy, fast code, client, menu, icon, multi-language , and supports for importing third-party users through ldap.
There are three built-in roles in iam-service
:
Platform administrator (having all privileges of platform global layout).
Organization administrator (having all privileges of a single organization's organizational layout).
Project administrator (having all privileges of a single project's project layout).
When assigning a role to a user, the role-associated labels are sent to the devops for processing, and the corresponding roles are assigned to gitlab.
User
After the service is initialized, a user admin is built in. Which has all the platform-wide privileges, including all permissions for all organizations and all projects.
Creating, modifying, and deleting users lead to send events, gitlab synchronization to do the appropriate operation
Privilege
All interfaces of the service define permissions through the @Permission
annotation. All interfaces of this service define permissions through the @Permission
annotation. With the register server
and manager service
, the privileges information of all services will be automatically entered into the database to make it effective through the service. The @Permission
annotation sets the interface as a public interface (accessible without login), login access, global layer interfaces, organization layer interfaces, and project level interfaces.
Organization
After the service is initialized, an organization "operational organization" is built in. At the same time, the admin user has all the privileges of the organization.
Client
The addition, deletion, and modification of the built-in client is a interface of organizational layer, which corresponds to the "client" needed to log in via oauth-server
.
Directory
Corresponding to the front page display directory, including add, delete, change check, is the global layer interface.
Password policy
register-server
, and the online operation needs to cooperate with go-register-server
.iam_service
database.CREATE USER 'choerodon'@'%' IDENTIFIED BY "123456";
CREATE DATABASE iam_service DEFAULT CHARACTER SET utf8;
GRANT ALL PRIVILEGES ON iam_service.* TO choerodon@'%';
FLUSH PRIVILEGES;
New file of "init-local-database.sh" in the root directory of the manager-service project:
mkdir -p target
if [ ! -f target/choerodon-tool-liquibase.jar ]
then
curl http://nexus.choerodon.com.cn/repository/choerodon-release/io/choerodon/choerodon-tool-liquibase/0.5.2.RELEASE/choerodon-tool-liquibase-0.5.2.RELEASE.jar -o target/choerodon-tool-liquibase.jar
fi
java -Dspring.datasource.url="jdbc:mysql://localhost/iam_service?useUnicode=true&characterEncoding=utf-8&useSSL=false" \
-Dspring.datasource.username=choerodon \
-Dspring.datasource.password=123456 \
-Ddata.drop=false -Ddata.init=true \
-Ddata.dir=src/main/resources \
-jar target/choerodon-tool-liquibase.jar
And executed in the root directory of the iam-service project:
sh init-local-database.sh
mvn spring-boot:run
or run IAMServiceApplication
in idea.go-register-server
config-server
Pull requests are welcome! Follow to know for more information on how to contribute.
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。