role

package
v9.4.19+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 9, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package role manages roles in Kvdb and provides validation Copyright 2018 Portworx

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Package role manages roles in Kvdb and provides validation Copyright 2018 Portworx

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	SystemAdminRoleName = "system.admin"
	SystemViewRoleName  = "system.view"
	SystemUserRoleName  = "system.user"
	SystemGuestRoleName = "system.guest"
)

Variables

View Source 
var (
	// DefaultRoles are the default roles to load on system startup
	// Should be prefixed by `system.` to avoid collisions
	DefaultRoles = map[string]*DefaultRole{

		SystemAdminRoleName: &DefaultRole{
			Rules: []*api.SdkRule{
				&api.SdkRule{
					Services: []string{"*"},
					Apis:     []string{"*"},
				},
			},
			Mutable: false,
		},

		SystemViewRoleName: &DefaultRole{
			Rules: []*api.SdkRule{
				&api.SdkRule{
					Services: []string{"*"},
					Apis: []string{
						"*enumerate*",
						"inspect*",
						"stats",
						"status",
						"validate",
						"capacityusage",
					},
				},
				&api.SdkRule{
					Services: []string{"identity"},
					Apis:     []string{"*"},
				},
			},
			Mutable: false,
		},

		SystemUserRoleName: &DefaultRole{
			Rules: []*api.SdkRule{
				&api.SdkRule{
					Services: []string{
						"volume",
						"cloudbackup",
						"credentials",
						"objectstore",
						"schedulepolicy",
						"mountattach",
						"migrate",
					},
					Apis: []string{"*"},
				},
				&api.SdkRule{
					Services: []string{
						"cluster",
						"node",
					},
					Apis: []string{
						"inspect*",
						"enumerate*",
					},
				},
				&api.SdkRule{
					Services: []string{"identity"},
					Apis:     []string{"*"},
				},
				&api.SdkRule{
					Services: []string{"policy"},
					Apis: []string{
						"*enumerate*",

						"*inspect*",
					},
				},
			},
			Mutable: false,
		},

		SystemGuestRoleName: &DefaultRole{
			Rules: []*api.SdkRule{
				&api.SdkRule{
					Services: []string{"mountattach", "volume", "cloudbackup", "migrate"},
					Apis:     []string{"*"},
				},
				&api.SdkRule{
					Services: []string{"identity"},
					Apis:     []string{"version"},
				},
				&api.SdkRule{
					Services: []string{
						"cluster",
						"node",
					},
					Apis: []string{
						"inspect*",
						"enumerate*",
					},
				},
			},
			Mutable: true,
		},
	}
)

Functions

This section is empty.

Types

type DefaultRole 

type DefaultRole struct {
	Rules   []*api.SdkRule
	Mutable bool
}

DefaultRole is a role loaded into the system on startup

type RoleManager 

type RoleManager interface {
	api.OpenStorageRoleServer

	// Verify returns no error if the role exists and is allowed
	// to run the requested method
	Verify(ctx context.Context, roles []string, method string) error
}

RoleManager provides an implementation of the SDK Role handler and the necessary verification methods

type SdkRoleManager 

type SdkRoleManager struct {
	// contains filtered or unexported fields
}

SdkRoleManager is an implementation of the RoleManager for the SDK

func NewSdkRoleManager 

func NewSdkRoleManager(kv kvdb.Kvdb) (*SdkRoleManager, error)

NewSdkRoleManager returns a new SDK role manager

func (*SdkRoleManager) Create 

func (r *SdkRoleManager) Create(
	ctx context.Context,
	req *api.SdkRoleCreateRequest,
) (*api.SdkRoleCreateResponse, error)

Create saves a role in Kvdb

func (*SdkRoleManager) Delete 

func (r *SdkRoleManager) Delete(
	ctx context.Context,
	req *api.SdkRoleDeleteRequest,
) (*api.SdkRoleDeleteResponse, error)

Delete removes a role from Kvdb

func (*SdkRoleManager) Enumerate 

func (r *SdkRoleManager) Enumerate(
	ctx context.Context,
	req *api.SdkRoleEnumerateRequest,
) (*api.SdkRoleEnumerateResponse, error)

Enumerate returns a list of role names

func (*SdkRoleManager) Inspect 

func (r *SdkRoleManager) Inspect(
	ctx context.Context,
	req *api.SdkRoleInspectRequest,
) (*api.SdkRoleInspectResponse, error)

Inspect returns a role object

func (*SdkRoleManager) Update 

func (r *SdkRoleManager) Update(
	ctx context.Context,
	req *api.SdkRoleUpdateRequest,
) (*api.SdkRoleUpdateResponse, error)

Update replaces an existing role.

func (*SdkRoleManager) Verify 

func (r *SdkRoleManager) Verify(ctx context.Context, roles []string, fullmethod string) error

Verify determines if the role has access to `fullmethod`

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.