aclmodels

package
v1.0.0-rc10 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 6, 2025 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

aclmodels contains models for acl v1 and v2

Index

Constants

// Subject-name constants for the ACL v2 model.
//
// These are untyped string constants: none is declared as Acl2Subject or
// Acl2Scope. Several values ("cluster", "project", "datacenter",
// "virtualmachine") are the same strings as Acl2Scope constants, so a bare
// string does not tell a subject from a scope; two entries carry an explicit
// "for subject, not scope" reminder for that reason.
const (
	Acl2RorSubjectCluster        = "cluster"
	Acl2RorSubjectProject        = "project"
	Acl2RorSubjectGlobal         = "globalscope" // for subject, not scope, TODO: new const
	Acl2RorSubjectAcl            = "acl"         // for subject, not scope, TODO: new const
	Acl2RorSubjectApiKey         = "apikey"      // API key
	Acl2RorSubjectDatacenter     = "datacenter"
	Acl2RorSubjectWorkspace      = "workspace"
	Acl2RorSubjectPrice          = "price"
	Acl2RorSubjectVirtualMachine = "virtualmachine"
)

Variables

Functions

This section is empty.

Types

type AccessType

// AccessType is a string-backed name for a kind of access.
//
// NOTE(review): this documentation lists no validation method for AccessType
// (unlike Acl2Scope.IsValid), so any string converts to an AccessType; callers
// presumably compare against the constants below — confirm.
type AccessType string
const (
	// read/create/update/delete/owner use the same names as the JSON fields of
	// AclV2ListItemAccess.
	AccessTypeRead             AccessType = "read"
	AccessTypeCreate           AccessType = "create"
	AccessTypeUpdate           AccessType = "update"
	AccessTypeDelete           AccessType = "delete"
	AccessTypeOwner            AccessType = "owner"
	// The remaining values have no matching field in AclV2ListItemAccess.
	AccessTypeRorMetadata      AccessType = "rormetadata"
	AccessTypeRorVulnerability AccessType = "rorvulnerability"
	AccessTypeClusterLogon     AccessType = "clusterlogon" // presumably relates to AclV2ListItemKubernetes.Logon — confirm
)

type Acl2Scope

// Acl2Scope is a string-backed type naming the kind of object an ACL v2 entry
// applies to.
type Acl2Scope string
const (
	// Acl2ScopeUnknown is the empty string, i.e. the zero value of Acl2Scope:
	// a scope field that was never set compares equal to it.
	// NOTE(review): presumably rejected by IsValid — confirm.
	Acl2ScopeUnknown        Acl2Scope = ""    // unknown
	Acl2ScopeRor            Acl2Scope = "ror" // ROR
	Acl2ScopeCluster        Acl2Scope = "cluster"
	Acl2ScopeProject        Acl2Scope = "project"
	Acl2ScopeDatacenter     Acl2Scope = "datacenter"
	Acl2ScopeVirtualMachine Acl2Scope = "virtualmachine"
)

func GetScopes

func GetScopes() []Acl2Scope

func (Acl2Scope) GetSubjects

func (s Acl2Scope) GetSubjects(ctx context.Context) []Acl2Subject

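TODO: implement. The documentation specifies no behaviour for GetSubjects yet, so its return value should not be relied on to enumerate the subjects of a scope.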

func (Acl2Scope) IsValid

func (s Acl2Scope) IsValid() bool

IsValid validates the scope

type Acl2Subject

// Acl2Subject is a string-backed type naming the subject of an ACL v2 entry.
// NOTE(review): no constants of this type are declared in this package
// documentation; the Acl2RorSubject* names are untyped strings. Confirm how
// subject values are validated before they reach an access decision.
type Acl2Subject string

func (Acl2Subject) HasValidScope

func (s Acl2Subject) HasValidScope(scope Acl2Scope) bool

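TODO: implement. HasValidScope is documented only as unimplemented; until its behaviour is specified, treat its result as undefined and do not use it as the only subject/scope check in an access decision.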

type AclV1DBResult

// AclV1DBResult is the result shape used to verify access with the v1 ACL
// model. It carries a single field, mapped from the bson key "clusterid".
type AclV1DBResult struct {
	ClusterId string `bson:"clusterid"` // cluster identifier (bson key "clusterid")
}

Used to verify access using the v1 acl model

type AclV1ListItem

// AclV1ListItem is the full v1 ACL model: a pairing of a cluster and a group.
// Both fields carry only bson tags (no json or validate tags).
type AclV1ListItem struct {
	Cluster string `bson:"cluster"` // bson key "cluster"
	Group   string `bson:"group"`   // bson key "group"
}

Full acl v1 model

type AclV1QueryUserCluster

// AclV1QueryUserCluster is the input used to query the v1 ACL model: a user
// and a cluster identifier. The fields carry no struct tags.
type AclV1QueryUserCluster struct {
	User      identitymodels.User // the user the query is made for; type is declared in identitymodels
	ClusterId string              // the cluster the query is about
}

Used to query the v1 acl model

type AclV2ListItem

// AclV2ListItem is the full ACL v2 entry: it records the Access (and
// Kubernetes) rights granted to Group on Subject within Scope.
//
// Struct tags carry the JSON names, a bson name for Id only, and validation
// rules. "rortext" is a validation tag that is not defined on this page.
//
// NOTE(review): Created and IssuedBy have json tags, so they are populated by
// a plain JSON decode like every other field. If this struct is decoded
// directly from a request body, confirm that the server overwrites both before
// storing the entry, since they read as audit fields.
type AclV2ListItem struct {
	Id      string              `json:"id" bson:"_id,omitempty"`                   // Id
	Version int                 `json:"version" default:"2" validate:"eq=2" `      // Acl Version, must be 2
	Group   string              `json:"group" validate:"required,min=1,rortext" `  // The group to which the access is granted
	// NOTE(review): the validate tags on Scope and Subject name no list of
	// allowed values. Presumably Acl2Scope.IsValid is what restricts Scope to
	// the declared constants — confirm it is called on every write path.
	Scope   Acl2Scope           `json:"scope" validate:"required,min=1,rortext"`   // Type of object ['cluster','project']
	Subject Acl2Subject         `json:"subject" validate:"required,min=1,rortext"` // The subject eg. clusterid, projectid (can be 'All')
	Access  AclV2ListItemAccess `json:"access" validate:"required"`                // v2 access model for ror api
	//	Accessv2   []map[AccessType]bool    `json:"accessv2" validate:""`                      // v2 access model for ror api
	Kubernetes AclV2ListItemKubernetes `json:"kubernetes" validate:""` // v2 access model for kubernetes
	Created    time.Time               `json:"created,omitempty"`
	// NOTE(review): the json tag has omitempty but validate:"email" does not,
	// so whether an empty IssuedBy passes depends on the validator in use — confirm.
	IssuedBy   string                  `json:"issuedBy,omitempty" validate:"email"`
}

Full acl v2 model

type AclV2ListItemAccess

// AclV2ListItemAccess is the v2 access model for the ror api: one boolean per
// kind of access. The zero value has every flag false.
type AclV2ListItemAccess struct {
	Read   bool `json:"read" validate:"boolean"`   // Read metadata of subject
	Create bool `json:"create" validate:"boolean"` // Write metadata of subject
	Update bool `json:"update" validate:"boolean"` // Update metadata of subject
	Delete bool `json:"delete" validate:"boolean"` // Delete metadata of subject
	Owner  bool `json:"owner" validate:"boolean"`  // Owner flag. NOTE(review): the source comment repeated Delete's text; exact semantics are not shown here — confirm
}

v2 access model for ror api

type AclV2ListItemKubernetes

// AclV2ListItemKubernetes is the v2 access model for kubernetes. It holds a
// single flag, which is omitted from JSON output when false (omitempty).
type AclV2ListItemKubernetes struct {
	Logon bool `json:"logon,omitempty" validate:"boolean"` // Logon to subject if 'cluster'
}

v2 access model for kubernetes

type AclV2ListItems

// AclV2ListItems groups ACL v2 entries for one scope and subject, together
// with a separate global access value. The fields carry no struct tags.
type AclV2ListItems struct {
	Scope   Acl2Scope           // Type of object ['cluster','project']
	Subject Acl2Subject         // The subject eg. clusterid, projectid (can be 'All')
	// NOTE(review): how Global combines with the per-item Access values is not
	// shown on this page — confirm against the code that evaluates access.
	Global  AclV2ListItemAccess // Global access, if granted
	Items   []AclV2ListItem     // v2 access model for ror api
}

type AclV2QueryAccessScope

// AclV2QueryAccessScope is a query value that carries only a scope.
type AclV2QueryAccessScope struct {
	Scope Acl2Scope // scope being queried; the zero value equals Acl2ScopeUnknown
}

type AclV2QueryAccessScopeSubject

// AclV2QueryAccessScopeSubject is the v2 query model for access: a scope and a
// subject. The package also lists a constructor,
// NewAclV2QueryAccessScopeSubject, and an IsValid method for this type.
type AclV2QueryAccessScopeSubject struct {
	Scope   Acl2Scope   // scope being queried; the zero value equals Acl2ScopeUnknown
	Subject Acl2Subject // subject being queried
}

v2 query model for access

func NewAclV2QueryAccessScopeSubject

func NewAclV2QueryAccessScopeSubject(scope any, subject any) AclV2QueryAccessScopeSubject

func (AclV2QueryAccessScopeSubject) IsValid

func (q AclV2QueryAccessScopeSubject) IsValid() bool
