grn 是graylog 的资源名称,属于一种urn,从功能上类似aws 的 arn 主要用来进行权限以及资源分配管理
参考格式
grn:<cluster>:<tenant>:<scope>:<type>:<entity>
graylog 解析处理
核心是slit,然后拆分处理
static GRN parse(String grn, GRNRegistry grnRegistry) {
final List<String> tokens = SPLITTER.splitToList(grn.toLowerCase(Locale.ENGLISH));
if (tokens.size() != 6) {
throw new IllegalArgumentException(String.format(Locale.US, "<%s> is not a valid GRN string", grn));
}
if (!tokens.get(0).equals("grn")) {
throw new IllegalArgumentException(String.format(Locale.US, "<%s> is not a grn scheme", tokens.get(0)));
}
final String type = tokens.get(4);
final Builder builder = grnRegistry.newGRNBuilder(type)
.cluster(tokens.get(1))
.tenant(tokens.get(2))
.scope(tokens.get(3))
.entity(tokens.get(5));
return builder.build();
}
final List<String> tokens = SPLITTER.splitToList(grn.toLowerCase(Locale.ENGLISH));
权限部分对于type 的使用
// ENTITY_OWN is applicable to any target
return permission.startsWith(RestPermissions.ENTITY_OWN) ||
permission.startsWith(grnType().permissionPrefix()) ||
// TODO Dashboard code still uses `view:` permissions
(grnType().equals(GRNTypes.DASHBOARD) && permission.startsWith(GRNTypes.SEARCH.permissionPrefix()));
}
// ENTITY_OWN is applicable to any target
说明
基于urn 的权限管理是一个很不错的选择,比如shiro 就基于了urn 但是扩展了不少,graylog 好多东西都基于了此能力
