aclmodels

package
v0.3.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 2, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

aclmodels contains models for acl v1 and v2

Index

Constants

View Source 
const (
	Acl2RorSubjectCluster        = "cluster"
	Acl2RorSubjectProject        = "project"
	Acl2RorSubjectGlobal         = "globalscope" // for subject, not scope, TODO: new const
	Acl2RorSubjectAcl            = "acl"         // for subject, not scope, TODO: new const
	Acl2RorSubjectApiKey         = "apikey"      //api key
	Acl2RorSubjectDatacenter     = "datacenter"
	Acl2RorSubjectWorkspace      = "workspace"
	Acl2RorSubjectPrice          = "price"
	Acl2RorSubjectVirtualMachine = "virtualmachine"
)

Variables

View Source 
var (
	Acl2RorValidSubjects []Acl2Subject = []Acl2Subject{
		Acl2RorSubjectGlobal,
		Acl2RorSubjectCluster,
		Acl2RorSubjectProject,
		Acl2RorSubjectAcl,
		Acl2RorSubjectDatacenter,
		Acl2RorSubjectWorkspace,
		Acl2RorSubjectPrice,
		Acl2RorSubjectVirtualMachine,
	}
)

Functions

This section is empty.

Types

type AccessType added in v0.2.6 

type AccessType string
const (
	AccessTypeRead             AccessType = "read"
	AccessTypeCreate           AccessType = "create"
	AccessTypeUpdate           AccessType = "update"
	AccessTypeDelete           AccessType = "delete"
	AccessTypeOwner            AccessType = "owner"
	AccessTypeRorMetadata      AccessType = "rormetadata"
	AccessTypeRorVulnerability AccessType = "rorvulnerability"
	AccessTypeClusterLogon     AccessType = "clusterlogon"
)

type Acl2Scope 

type Acl2Scope string
const (
	Acl2ScopeUnknown        Acl2Scope = ""    // unknown
	Acl2ScopeRor            Acl2Scope = "ror" // ROR
	Acl2ScopeCluster        Acl2Scope = "cluster"
	Acl2ScopeProject        Acl2Scope = "project"
	Acl2ScopeDatacenter     Acl2Scope = "datacenter"
	Acl2ScopeVirtualMachine Acl2Scope = "virtualmachine"
)

func GetScopes 

func GetScopes() []Acl2Scope

func (Acl2Scope) GetSubjects 

func (s Acl2Scope) GetSubjects(ctx context.Context) []Acl2Subject

TODO: implement

func (Acl2Scope) IsValid 

func (s Acl2Scope) IsValid() bool

IsValid validates the scope

type Acl2Subject 

type Acl2Subject string

func (Acl2Subject) HasValidScope 

func (s Acl2Subject) HasValidScope(scope Acl2Scope) bool

TODO: implement

type AclV1DBResult 

type AclV1DBResult struct {
	ClusterId string `bson:"clusterid"`
}

Used to verify access using the v1 acl model

type AclV1ListItem 

type AclV1ListItem struct {
	Cluster string `bson:"cluster"`
	Group   string `bson:"group"`
}

Full acl v1 model

type AclV1QueryUserCluster 

type AclV1QueryUserCluster struct {
	User      identitymodels.User
	ClusterId string
}

Used to query the v1 acl model

type AclV2ListItem 

type AclV2ListItem struct {
	Id      string              `json:"id" bson:"_id,omitempty"`                   // Id
	Version int                 `json:"version" default:"2" validate:"eq=2" `      // Acl Version, must be 2
	Group   string              `json:"group" validate:"required,min=1,rortext" `  // The group which the acces is granted
	Scope   Acl2Scope           `json:"scope" validate:"required,min=1,rortext"`   // Type of object ['cluster','project']
	Subject Acl2Subject         `json:"subject" validate:"required,min=1,rortext"` // The subject eg. clusterid, projectid (can be 'All')
	Access  AclV2ListItemAccess `json:"access" validate:"required"`                // v2 access model for ror api
	//	Accessv2   []map[AccessType]bool    `json:"accessv2" validate:""`                      // v2 access model for ror api
	Kubernetes AclV2ListItemKubernetes `json:"kubernetes" validate:""` // v2 access model for kubernetes
	Created    time.Time               `json:"created,omitempty"`
	IssuedBy   string                  `json:"issuedBy,omitempty" validate:"email"`
}

Full acl v2 model

type AclV2ListItemAccess 

type AclV2ListItemAccess struct {
	Read   bool `json:"read" validate:"boolean"`   // Read metadata of subject
	Create bool `json:"create" validate:"boolean"` // Write metadata of subject
	Update bool `json:"update" validate:"boolean"` // Update metadata of subject
	Delete bool `json:"delete" validate:"boolean"` // Delete metadata of subject
	Owner  bool `json:"owner" validate:"boolean"`  // Delete metadata of subject
}

v2 access model for ror api

type AclV2ListItemKubernetes 

type AclV2ListItemKubernetes struct {
	Logon bool `json:"logon,omitempty" validate:"boolean"` // Logon to subject if 'cluster'
}

v2 access model for kubernetes

type AclV2ListItems 

type AclV2ListItems struct {
	Scope   Acl2Scope           // Type of object ['cluster','project']
	Subject Acl2Subject         // The subject eg. clusterid, projectid (can be 'All')
	Global  AclV2ListItemAccess //If global access granted
	Items   []AclV2ListItem     // v2 access model for ror api
}

type AclV2QueryAccessScope 

type AclV2QueryAccessScope struct {
	Scope Acl2Scope
}

type AclV2QueryAccessScopeSubject 

type AclV2QueryAccessScopeSubject struct {
	Scope   Acl2Scope
	Subject Acl2Subject
}

v2 querymodel for access

func NewAclV2QueryAccessScopeSubject 

func NewAclV2QueryAccessScopeSubject(scope any, subject any) AclV2QueryAccessScopeSubject

func (AclV2QueryAccessScopeSubject) IsValid 

func (q AclV2QueryAccessScopeSubject) IsValid() bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.