From fa1d884ec82d86b67b2ad6bc329fdcb7b43cecf8 Mon Sep 17 00:00:00 2001 From: jolestar Date: Mon, 12 Jun 2017 10:55:11 +0800 Subject: [PATCH] Document: update metad access rule document. --- README.md | 11 +++++- README_zh.md | 22 ++++++++++- docs/api.md | 61 ++++++++++++++++++++++++++++++ docs/{installation.md => build.md} | 19 +++------- 4 files changed, 96 insertions(+), 17 deletions(-) rename docs/{installation.md => build.md} (62%) diff --git a/README.md b/README.md index 440493d..50798dc 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ metad ===== +English|[中文](README_zh.md) + [![Build Status](https://travis-ci.org/yunify/metad.svg?branch=master)](https://travis-ci.org/yunify/metad) [![Gitter](https://badges.gitter.im/yunify/metad.svg)](https://gitter.im/yunify/metad?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) `metad` is a metadata server support the following features: @@ -10,11 +12,16 @@ metad * support metadata local cache, so it can be used as a proxy to reducing the request pressure of backend (etcd). * api out format support json/yaml/text,and is metadata/developer friendly data structure. * support as [confd](https://github.com/yunify/confd)'s backend. +* support metadata access rule define. -## Getting Started +## Installation + +You can download the latest release from [GitHub](https://github.com/yunify/metad/releases) -Before we begin be sure to [download and install metad](docs/installation.md). +* [build from source](docs/build.md) + +## Getting Started * [quick start guide](docs/quick-start-guide.md) diff --git a/README_zh.md b/README_zh.md index da08223..9f5b7d6 100644 --- a/README_zh.md +++ b/README_zh.md 
@@ -1,5 +1,8 @@ # metad +[English](README.md)|中文 + +[![Build Status](https://travis-ci.org/yunify/metad.svg?branch=master)](https://travis-ci.org/yunify/metad) [![Gitter](https://badges.gitter.im/yunify/metad.svg)](https://gitter.im/yunify/metad?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) `metad` 是一个元数据服务,主要提供以下功能: @@ -7,4 +10,21 @@ * 元数据后端存储支持 [etcd](https://github.com/coreos/etcd) (TODO 支持更多后端). * 元数据缓存,可以降低对后端(etcd)的请求压力. * 输出格式支持json/yaml/text,对配置以及开发更友好. -* 支持作为 [confd](https://github.com/kelseyhightower/confd) 的后端服务(TODO). +* 支持作为 [confd](https://github.com/kelseyhightower/confd) 的后端服务. +* 支持元数据的访问规则定义,避免隐私数据泄露. + +## 安装 + +你可以从后面的地址获取最新版本的二级制 [GitHub](https://github.com/yunify/metad/releases) + +* 也可以[从源码编译](docs/build.md) + +## 快速指南 + +* [快速指南](docs/quick-start-guide.md) + +## 下一步 + +* [Metad 配置说明](docs/configuration.md) +* [Metad API 文档](docs/api.md) +* [和 confd 的配合](docs/confd.md) \ No newline at end of file diff --git a/docs/api.md b/docs/api.md index e2297b0..6664b1f 100644 --- a/docs/api.md +++ b/docs/api.md 
@@ -93,3 +93,64 @@ This api is for manage metadata's ip mapping * PUT create or merge update mapping config. * DELETE delete mapping config, default delete all metadata in nodePath, unless subs parameter is present. +### /v1/rule[?hosts=192.168.1.x,192.168.1.x] + +This api is for manage metadata's metadata access rule. + +* GET show hosts access rule config, if hosts parameter is missing, output all hosts. +* POST|PUT update access rule, body is a json object: + + ```json + { + "192.168.1.10":[{"path":"/clusters/cl-1", "mode":1}] + } + ``` + +* DELETE delete hosts access rule + +## Access Rule Guide + +```go +type AccessRule struct { + Path string `json:"path"` + Mode AccessMode `json:"mode"` +} +``` + +### Access rule mode +* 0 forbidden +* 1 read + +### Access rule path description + +1. Allow use wildcard(*) in path. +2. The exact path rule has a higher priority than the wildcard path rule. +3. The deep path rule has a higher priority than the shallow path rule. + +such as: + +```json +[ + { + "path":"/", + "mode":0 + }, + { + "path":"/clusters", + "mode":1 + }, + { + "path":"/clusters/*/env", + "mode":0 + }, + { + "path":"/clusters/cl-1", + "mode":1 + } +] +``` + +1. Root is forbidden,/cluster is read,so client can access the metadata under /cluster ,but can not access cluster's sibling node. +2. /clusters/*/env this rule indicates that the metadata for the env folder of any subfolders under the clusters folder is forbidden to access,such as the client can not access /clusters/cl-2/env。 +3. /clusters/cl-1 exact define /clusters/cl-1 allow read,so the client can access any metadata that under /clusters/cl-1, include /clusters/cl-1/env. + diff --git a/docs/installation.md b/docs/build.md similarity index 62% rename from docs/installation.md rename to docs/build.md index d94b78d..799f9d3 100644 --- a/docs/installation.md +++ b/docs/build.md 
@@ -1,11 +1,6 @@ -# Installation +# Building -### Binary Download - -Currently metad ships binaries for OS X and Linux 64bit systems. You can download the latest release from [GitHub](https://github.com/yunify/metad/releases) - - -#### Building from Source +## Building from Source Go 1.7+ is required to build metad, which uses the new vendor directory. @@ -31,7 +26,7 @@ sudo ./install ``` -#### Building from Source by docker for alpine +## Building from Source by docker for alpine ``` docker build . -t qingcloud/metad_builder_alpine -f Dockerfile.build.alpine @@ -40,12 +35,8 @@ docker run -ti --rm -v $(pwd):/app qingcloud/metad_builder_alpine ./build The above docker commands will produce binary in the local bin directory. -#### Run by docker image +## Run by docker image ``` docker run -it qingcloud/metad -``` - -### Next Steps - -Get up and running with the [Quick Start Guide](quick-start-guide.md). +``` \ No newline at end of file
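Review bot: In README.md, the new feature bullet `* support metadata access rule define.` does not say what the rules protect or where they are documented. README_zh.md in this same patch states the purpose (avoiding leaks of private data), and the API added in docs/api.md keys rules by client host. Suggest wording along the lines of "support defining per-host metadata access rules, to avoid exposing private data" and linking the bullet to the Access Rule Guide in docs/api.md.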
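Review bot: In README_zh.md, the confd bullet still links to https://github.com/kelseyhightower/confd while README.md links to https://github.com/yunify/confd. Since this line is already being edited to drop the TODO, point both READMEs at the same repository. In the new 安装 section, 二级制 looks like a typo for 二进制, and the file now ends without a trailing newline.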
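Review bot: In the Access Rule Guide added to docs/api.md, priority rules 2 and 3 give opposite answers for /clusters/cl-1/env, and the text does not say which one wins. `/clusters/*/env` (mode 0) is the deeper rule and `/clusters/cl-1` (mode 1) is the one without a wildcard. Explanation 3 says the client can read /clusters/cl-1/env, so the non-wildcard rule appears to override depth. Please state that ordering explicitly in the numbered list, because a reader who applies the depth rule will assume env is forbidden for every cluster when the example shows it is readable for cl-1. Two smaller points in the same hunk: the guide does not say what a host with no rule entry is allowed to read, and explanation 1 writes /cluster where the example rule is /clusters.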
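Review bot: The rename to docs/build.md drops the sentence `Currently metad ships binaries for OS X and Linux 64bit systems.`, and the Installation section added to README.md carries only the download link, so the lines this patch touches no longer state which platforms have release binaries. Suggest moving that sentence into the README Installation section. The Next Steps link to the Quick Start Guide is also removed from this page, `## Run by docker image` is not a build step and may fit better under Installation, and the file now ends without a trailing newline.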