permission

package
v0.0.0-...-1b7c243 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 9, 2017 License: BSD-3-Clause Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	CtxGlobal          = contextType("global")
	CtxApp             = contextType("app")
	CtxTeam            = contextType("team")
	CtxUser            = contextType("user")
	CtxPool            = contextType("pool")
	CtxIaaS            = contextType("iaas")
	CtxService         = contextType("service")
	CtxServiceInstance = contextType("service-instance")
	CtxVolume          = contextType("volume")

	ContextTypes = []contextType{
		CtxGlobal, CtxApp, CtxTeam, CtxPool, CtxIaaS, CtxService, CtxServiceInstance,
	}
)
View Source
var (
	PermAll                              = PermissionRegistry.get("")                                    // [global]
	PermApp                              = PermissionRegistry.get("app")                                 // [global app team pool]
	PermAppAdmin                         = PermissionRegistry.get("app.admin")                           // [global app team pool]
	PermAppAdminQuota                    = PermissionRegistry.get("app.admin.quota")                     // [global app team pool]
	PermAppAdminRoutes                   = PermissionRegistry.get("app.admin.routes")                    // [global app team pool]
	PermAppAdminUnlock                   = PermissionRegistry.get("app.admin.unlock")                    // [global app team pool]
	PermAppBuild                         = PermissionRegistry.get("app.build")                           // [global app team pool]
	PermAppCreate                        = PermissionRegistry.get("app.create")                          // [global team]
	PermAppDelete                        = PermissionRegistry.get("app.delete")                          // [global app team pool]
	PermAppDeploy                        = PermissionRegistry.get("app.deploy")                          // [global app team pool]
	PermAppDeployArchiveUrl              = PermissionRegistry.get("app.deploy.archive-url")              // [global app team pool]
	PermAppDeployBuild                   = PermissionRegistry.get("app.deploy.build")                    // [global app team pool]
	PermAppDeployGit                     = PermissionRegistry.get("app.deploy.git")                      // [global app team pool]
	PermAppDeployImage                   = PermissionRegistry.get("app.deploy.image")                    // [global app team pool]
	PermAppDeployRollback                = PermissionRegistry.get("app.deploy.rollback")                 // [global app team pool]
	PermAppDeployUpload                  = PermissionRegistry.get("app.deploy.upload")                   // [global app team pool]
	PermAppRead                          = PermissionRegistry.get("app.read")                            // [global app team pool]
	PermAppReadCertificate               = PermissionRegistry.get("app.read.certificate")                // [global app team pool]
	PermAppReadDeploy                    = PermissionRegistry.get("app.read.deploy")                     // [global app team pool]
	PermAppReadEnv                       = PermissionRegistry.get("app.read.env")                        // [global app team pool]
	PermAppReadEvents                    = PermissionRegistry.get("app.read.events")                     // [global app team pool]
	PermAppReadLog                       = PermissionRegistry.get("app.read.log")                        // [global app team pool]
	PermAppReadMetric                    = PermissionRegistry.get("app.read.metric")                     // [global app team pool]
	PermAppReadRouter                    = PermissionRegistry.get("app.read.router")                     // [global app team pool]
	PermAppRun                           = PermissionRegistry.get("app.run")                             // [global app team pool]
	PermAppRunShell                      = PermissionRegistry.get("app.run.shell")                       // [global app team pool]
	PermAppUpdate                        = PermissionRegistry.get("app.update")                          // [global app team pool]
	PermAppUpdateBind                    = PermissionRegistry.get("app.update.bind")                     // [global app team pool]
	PermAppUpdateBindVolume              = PermissionRegistry.get("app.update.bind-volume")              // [global app team pool]
	PermAppUpdateCertificate             = PermissionRegistry.get("app.update.certificate")              // [global app team pool]
	PermAppUpdateCertificateSet          = PermissionRegistry.get("app.update.certificate.set")          // [global app team pool]
	PermAppUpdateCertificateUnset        = PermissionRegistry.get("app.update.certificate.unset")        // [global app team pool]
	PermAppUpdateCname                   = PermissionRegistry.get("app.update.cname")                    // [global app team pool]
	PermAppUpdateCnameAdd                = PermissionRegistry.get("app.update.cname.add")                // [global app team pool]
	PermAppUpdateCnameRemove             = PermissionRegistry.get("app.update.cname.remove")             // [global app team pool]
	PermAppUpdateDeploy                  = PermissionRegistry.get("app.update.deploy")                   // [global app team pool]
	PermAppUpdateDeployRollback          = PermissionRegistry.get("app.update.deploy.rollback")          // [global app team pool]
	PermAppUpdateDescription             = PermissionRegistry.get("app.update.description")              // [global app team pool]
	PermAppUpdateEnv                     = PermissionRegistry.get("app.update.env")                      // [global app team pool]
	PermAppUpdateEnvSet                  = PermissionRegistry.get("app.update.env.set")                  // [global app team pool]
	PermAppUpdateEnvUnset                = PermissionRegistry.get("app.update.env.unset")                // [global app team pool]
	PermAppUpdateEvents                  = PermissionRegistry.get("app.update.events")                   // [global app team pool]
	PermAppUpdateGrant                   = PermissionRegistry.get("app.update.grant")                    // [global app team pool]
	PermAppUpdateImageReset              = PermissionRegistry.get("app.update.image-reset")              // [global app team pool]
	PermAppUpdateLog                     = PermissionRegistry.get("app.update.log")                      // [global app team pool]
	PermAppUpdatePlan                    = PermissionRegistry.get("app.update.plan")                     // [global app team pool]
	PermAppUpdatePlatform                = PermissionRegistry.get("app.update.platform")                 // [global app team pool]
	PermAppUpdatePool                    = PermissionRegistry.get("app.update.pool")                     // [global app team pool]
	PermAppUpdateRestart                 = PermissionRegistry.get("app.update.restart")                  // [global app team pool]
	PermAppUpdateRevoke                  = PermissionRegistry.get("app.update.revoke")                   // [global app team pool]
	PermAppUpdateRouter                  = PermissionRegistry.get("app.update.router")                   // [global app team pool]
	PermAppUpdateRouterAdd               = PermissionRegistry.get("app.update.router.add")               // [global app team pool]
	PermAppUpdateRouterRemove            = PermissionRegistry.get("app.update.router.remove")            // [global app team pool]
	PermAppUpdateRouterUpdate            = PermissionRegistry.get("app.update.router.update")            // [global app team pool]
	PermAppUpdateSleep                   = PermissionRegistry.get("app.update.sleep")                    // [global app team pool]
	PermAppUpdateStart                   = PermissionRegistry.get("app.update.start")                    // [global app team pool]
	PermAppUpdateStop                    = PermissionRegistry.get("app.update.stop")                     // [global app team pool]
	PermAppUpdateSwap                    = PermissionRegistry.get("app.update.swap")                     // [global app team pool]
	PermAppUpdateTags                    = PermissionRegistry.get("app.update.tags")                     // [global app team pool]
	PermAppUpdateTeamowner               = PermissionRegistry.get("app.update.teamowner")                // [global app team pool]
	PermAppUpdateUnbind                  = PermissionRegistry.get("app.update.unbind")                   // [global app team pool]
	PermAppUpdateUnbindVolume            = PermissionRegistry.get("app.update.unbind-volume")            // [global app team pool]
	PermAppUpdateUnit                    = PermissionRegistry.get("app.update.unit")                     // [global app team pool]
	PermAppUpdateUnitAdd                 = PermissionRegistry.get("app.update.unit.add")                 // [global app team pool]
	PermAppUpdateUnitRegister            = PermissionRegistry.get("app.update.unit.register")            // [global app team pool]
	PermAppUpdateUnitRemove              = PermissionRegistry.get("app.update.unit.remove")              // [global app team pool]
	PermAppUpdateUnitStatus              = PermissionRegistry.get("app.update.unit.status")              // [global app team pool]
	PermCluster                          = PermissionRegistry.get("cluster")                             // [global]
	PermClusterCreate                    = PermissionRegistry.get("cluster.create")                      // [global]
	PermClusterDelete                    = PermissionRegistry.get("cluster.delete")                      // [global]
	PermClusterRead                      = PermissionRegistry.get("cluster.read")                        // [global]
	PermClusterReadEvents                = PermissionRegistry.get("cluster.read.events")                 // [global]
	PermClusterUpdate                    = PermissionRegistry.get("cluster.update")                      // [global]
	PermDebug                            = PermissionRegistry.get("debug")                               // [global]
	PermEventBlock                       = PermissionRegistry.get("event-block")                         // [global]
	PermEventBlockAdd                    = PermissionRegistry.get("event-block.add")                     // [global]
	PermEventBlockRead                   = PermissionRegistry.get("event-block.read")                    // [global]
	PermEventBlockReadEvents             = PermissionRegistry.get("event-block.read.events")             // [global]
	PermEventBlockRemove                 = PermissionRegistry.get("event-block.remove")                  // [global]
	PermHealing                          = PermissionRegistry.get("healing")                             // [global pool]
	PermHealingDelete                    = PermissionRegistry.get("healing.delete")                      // [global pool]
	PermHealingRead                      = PermissionRegistry.get("healing.read")                        // [global pool]
	PermHealingUpdate                    = PermissionRegistry.get("healing.update")                      // [global pool]
	PermInstall                          = PermissionRegistry.get("install")                             // [global]
	PermInstallManage                    = PermissionRegistry.get("install.manage")                      // [global]
	PermMachine                          = PermissionRegistry.get("machine")                             // [global iaas]
	PermMachineDelete                    = PermissionRegistry.get("machine.delete")                      // [global iaas]
	PermMachineRead                      = PermissionRegistry.get("machine.read")                        // [global iaas]
	PermMachineReadEvents                = PermissionRegistry.get("machine.read.events")                 // [global iaas]
	PermMachineTemplate                  = PermissionRegistry.get("machine.template")                    // [global iaas]
	PermMachineTemplateCreate            = PermissionRegistry.get("machine.template.create")             // [global iaas]
	PermMachineTemplateDelete            = PermissionRegistry.get("machine.template.delete")             // [global iaas]
	PermMachineTemplateRead              = PermissionRegistry.get("machine.template.read")               // [global iaas]
	PermMachineTemplateUpdate            = PermissionRegistry.get("machine.template.update")             // [global iaas]
	PermNode                             = PermissionRegistry.get("node")                                // [global pool]
	PermNodeAutoscale                    = PermissionRegistry.get("node.autoscale")                      // [global]
	PermNodeAutoscaleDelete              = PermissionRegistry.get("node.autoscale.delete")               // [global]
	PermNodeAutoscaleRead                = PermissionRegistry.get("node.autoscale.read")                 // [global]
	PermNodeAutoscaleUpdate              = PermissionRegistry.get("node.autoscale.update")               // [global]
	PermNodeAutoscaleUpdateRun           = PermissionRegistry.get("node.autoscale.update.run")           // [global]
	PermNodeCreate                       = PermissionRegistry.get("node.create")                         // [global pool]
	PermNodeDelete                       = PermissionRegistry.get("node.delete")                         // [global pool]
	PermNodeRead                         = PermissionRegistry.get("node.read")                           // [global pool]
	PermNodeUpdate                       = PermissionRegistry.get("node.update")                         // [global pool]
	PermNodeUpdateMove                   = PermissionRegistry.get("node.update.move")                    // [global pool]
	PermNodeUpdateMoveContainer          = PermissionRegistry.get("node.update.move.container")          // [global pool]
	PermNodeUpdateMoveContainers         = PermissionRegistry.get("node.update.move.containers")         // [global pool]
	PermNodeUpdateRebalance              = PermissionRegistry.get("node.update.rebalance")               // [global pool]
	PermNodecontainer                    = PermissionRegistry.get("nodecontainer")                       // [global pool]
	PermNodecontainerCreate              = PermissionRegistry.get("nodecontainer.create")                // [global pool]
	PermNodecontainerDelete              = PermissionRegistry.get("nodecontainer.delete")                // [global pool]
	PermNodecontainerRead                = PermissionRegistry.get("nodecontainer.read")                  // [global pool]
	PermNodecontainerUpdate              = PermissionRegistry.get("nodecontainer.update")                // [global pool]
	PermNodecontainerUpdateUpgrade       = PermissionRegistry.get("nodecontainer.update.upgrade")        // [global pool]
	PermPlan                             = PermissionRegistry.get("plan")                                // [global]
	PermPlanCreate                       = PermissionRegistry.get("plan.create")                         // [global]
	PermPlanDelete                       = PermissionRegistry.get("plan.delete")                         // [global]
	PermPlanRead                         = PermissionRegistry.get("plan.read")                           // [global]
	PermPlanReadEvents                   = PermissionRegistry.get("plan.read.events")                    // [global]
	PermPlatform                         = PermissionRegistry.get("platform")                            // [global]
	PermPlatformCreate                   = PermissionRegistry.get("platform.create")                     // [global]
	PermPlatformDelete                   = PermissionRegistry.get("platform.delete")                     // [global]
	PermPlatformRead                     = PermissionRegistry.get("platform.read")                       // [global]
	PermPlatformReadEvents               = PermissionRegistry.get("platform.read.events")                // [global]
	PermPlatformUpdate                   = PermissionRegistry.get("platform.update")                     // [global]
	PermPool                             = PermissionRegistry.get("pool")                                // [global pool]
	PermPoolCreate                       = PermissionRegistry.get("pool.create")                         // [global]
	PermPoolDelete                       = PermissionRegistry.get("pool.delete")                         // [global pool]
	PermPoolRead                         = PermissionRegistry.get("pool.read")                           // [global pool]
	PermPoolReadConstraints              = PermissionRegistry.get("pool.read.constraints")               // [global pool]
	PermPoolReadEvents                   = PermissionRegistry.get("pool.read.events")                    // [global pool]
	PermPoolUpdate                       = PermissionRegistry.get("pool.update")                         // [global pool]
	PermPoolUpdateConstraints            = PermissionRegistry.get("pool.update.constraints")             // [global pool]
	PermPoolUpdateConstraintsSet         = PermissionRegistry.get("pool.update.constraints.set")         // [global pool]
	PermPoolUpdateLogs                   = PermissionRegistry.get("pool.update.logs")                    // [global pool]
	PermPoolUpdateTeam                   = PermissionRegistry.get("pool.update.team")                    // [global pool]
	PermPoolUpdateTeamAdd                = PermissionRegistry.get("pool.update.team.add")                // [global pool]
	PermPoolUpdateTeamRemove             = PermissionRegistry.get("pool.update.team.remove")             // [global pool]
	PermRole                             = PermissionRegistry.get("role")                                // [global]
	PermRoleCreate                       = PermissionRegistry.get("role.create")                         // [global]
	PermRoleDefault                      = PermissionRegistry.get("role.default")                        // [global]
	PermRoleDefaultCreate                = PermissionRegistry.get("role.default.create")                 // [global]
	PermRoleDefaultDelete                = PermissionRegistry.get("role.default.delete")                 // [global]
	PermRoleDelete                       = PermissionRegistry.get("role.delete")                         // [global]
	PermRoleRead                         = PermissionRegistry.get("role.read")                           // [global]
	PermRoleReadEvents                   = PermissionRegistry.get("role.read.events")                    // [global]
	PermRoleUpdate                       = PermissionRegistry.get("role.update")                         // [global]
	PermRoleUpdateAssign                 = PermissionRegistry.get("role.update.assign")                  // [global]
	PermRoleUpdateContext                = PermissionRegistry.get("role.update.context")                 // [global]
	PermRoleUpdateContextType            = PermissionRegistry.get("role.update.context.type")            // [global]
	PermRoleUpdateDescription            = PermissionRegistry.get("role.update.description")             // [global]
	PermRoleUpdateDissociate             = PermissionRegistry.get("role.update.dissociate")              // [global]
	PermRoleUpdateName                   = PermissionRegistry.get("role.update.name")                    // [global]
	PermRoleUpdatePermission             = PermissionRegistry.get("role.update.permission")              // [global]
	PermRoleUpdatePermissionAdd          = PermissionRegistry.get("role.update.permission.add")          // [global]
	PermRoleUpdatePermissionRemove       = PermissionRegistry.get("role.update.permission.remove")       // [global]
	PermService                          = PermissionRegistry.get("service")                             // [global service team]
	PermServiceInstance                  = PermissionRegistry.get("service-instance")                    // [global service-instance team]
	PermServiceInstanceCreate            = PermissionRegistry.get("service-instance.create")             // [global team]
	PermServiceInstanceDelete            = PermissionRegistry.get("service-instance.delete")             // [global service-instance team]
	PermServiceInstanceRead              = PermissionRegistry.get("service-instance.read")               // [global service-instance team]
	PermServiceInstanceReadEvents        = PermissionRegistry.get("service-instance.read.events")        // [global service-instance team]
	PermServiceInstanceReadStatus        = PermissionRegistry.get("service-instance.read.status")        // [global service-instance team]
	PermServiceInstanceUpdate            = PermissionRegistry.get("service-instance.update")             // [global service-instance team]
	PermServiceInstanceUpdateBind        = PermissionRegistry.get("service-instance.update.bind")        // [global service-instance team]
	PermServiceInstanceUpdateDescription = PermissionRegistry.get("service-instance.update.description") // [global service-instance team]
	PermServiceInstanceUpdateGrant       = PermissionRegistry.get("service-instance.update.grant")       // [global service-instance team]
	PermServiceInstanceUpdatePlan        = PermissionRegistry.get("service-instance.update.plan")        // [global service-instance team]
	PermServiceInstanceUpdateProxy       = PermissionRegistry.get("service-instance.update.proxy")       // [global service-instance team]
	PermServiceInstanceUpdateRevoke      = PermissionRegistry.get("service-instance.update.revoke")      // [global service-instance team]
	PermServiceInstanceUpdateTags        = PermissionRegistry.get("service-instance.update.tags")        // [global service-instance team]
	PermServiceInstanceUpdateTeamowner   = PermissionRegistry.get("service-instance.update.teamowner")   // [global service-instance team]
	PermServiceInstanceUpdateUnbind      = PermissionRegistry.get("service-instance.update.unbind")      // [global service-instance team]
	PermServiceCreate                    = PermissionRegistry.get("service.create")                      // [global team]
	PermServiceDelete                    = PermissionRegistry.get("service.delete")                      // [global service team]
	PermServiceRead                      = PermissionRegistry.get("service.read")                        // [global service team]
	PermServiceReadDoc                   = PermissionRegistry.get("service.read.doc")                    // [global service team]
	PermServiceReadEvents                = PermissionRegistry.get("service.read.events")                 // [global service team]
	PermServiceReadPlans                 = PermissionRegistry.get("service.read.plans")                  // [global service team]
	PermServiceUpdate                    = PermissionRegistry.get("service.update")                      // [global service team]
	PermServiceUpdateDoc                 = PermissionRegistry.get("service.update.doc")                  // [global service team]
	PermServiceUpdateGrantAccess         = PermissionRegistry.get("service.update.grant-access")         // [global service team]
	PermServiceUpdateProxy               = PermissionRegistry.get("service.update.proxy")                // [global service team]
	PermServiceUpdateRevokeAccess        = PermissionRegistry.get("service.update.revoke-access")        // [global service team]
	PermTeam                             = PermissionRegistry.get("team")                                // [global team]
	PermTeamCreate                       = PermissionRegistry.get("team.create")                         // [global]
	PermTeamDelete                       = PermissionRegistry.get("team.delete")                         // [global team]
	PermTeamRead                         = PermissionRegistry.get("team.read")                           // [global team]
	PermTeamReadEvents                   = PermissionRegistry.get("team.read.events")                    // [global team]
	PermTeamUpdate                       = PermissionRegistry.get("team.update")                         // [global team]
	PermUser                             = PermissionRegistry.get("user")                                // [global user]
	PermUserCreate                       = PermissionRegistry.get("user.create")                         // [global]
	PermUserDelete                       = PermissionRegistry.get("user.delete")                         // [global user]
	PermUserRead                         = PermissionRegistry.get("user.read")                           // [global user]
	PermUserReadEvents                   = PermissionRegistry.get("user.read.events")                    // [global user]
	PermUserUpdate                       = PermissionRegistry.get("user.update")                         // [global user]
	PermUserUpdateKey                    = PermissionRegistry.get("user.update.key")                     // [global user]
	PermUserUpdateKeyAdd                 = PermissionRegistry.get("user.update.key.add")                 // [global user]
	PermUserUpdateKeyRemove              = PermissionRegistry.get("user.update.key.remove")              // [global user]
	PermUserUpdatePassword               = PermissionRegistry.get("user.update.password")                // [global user]
	PermUserUpdateQuota                  = PermissionRegistry.get("user.update.quota")                   // [global user]
	PermUserUpdateReset                  = PermissionRegistry.get("user.update.reset")                   // [global user]
	PermUserUpdateToken                  = PermissionRegistry.get("user.update.token")                   // [global user]
	PermVolume                           = PermissionRegistry.get("volume")                              // [global volume team pool]
	PermVolumeCreate                     = PermissionRegistry.get("volume.create")                       // [global team pool]
	PermVolumeDelete                     = PermissionRegistry.get("volume.delete")                       // [global volume team pool]
	PermVolumeRead                       = PermissionRegistry.get("volume.read")                         // [global volume team pool]
	PermVolumeReadEvents                 = PermissionRegistry.get("volume.read.events")                  // [global volume team pool]
	PermVolumeUpdate                     = PermissionRegistry.get("volume.update")                       // [global volume team pool]
	PermVolumeUpdateBind                 = PermissionRegistry.get("volume.update.bind")                  // [global volume team pool]
	PermVolumeUpdateUnbind               = PermissionRegistry.get("volume.update.unbind")                // [global volume team pool]
)
View Source
var (
	ErrRoleNotFound          = errors.New("role not found")
	ErrRoleAlreadyExists     = errors.New("role already exists")
	ErrRoleEventNotFound     = errors.New("role event not found")
	ErrInvalidRoleName       = errors.New("invalid role name")
	ErrInvalidPermissionName = errors.New("invalid permission name")

	RoleEventUserCreate = &RoleEvent{
		name:        "user-create",
		context:     CtxGlobal,
		Description: "role added to user when user is created",
	}
	RoleEventTeamCreate = &RoleEvent{
		name:        "team-create",
		context:     CtxTeam,
		Description: "role added to user when a new team is created",
	}

	RoleEventMap = map[string]*RoleEvent{
		RoleEventUserCreate.name: RoleEventUserCreate,
		RoleEventTeamCreate.name: RoleEventTeamCreate,
	}
)
View Source
var ErrTooManyTeams = &tsuruErrors.HTTP{Code: http.StatusBadRequest, Message: "You must provide a team to execute this action."}
View Source
var ErrUnauthorized = &tsuruErrors.HTTP{Code: http.StatusForbidden, Message: "You don't have permission to do this action"}
View Source
var PermissionRegistry = (&registry{}).addWithCtx(
	"app", []contextType{CtxApp, CtxTeam, CtxPool},
).addWithCtx(
	"app.create", []contextType{CtxTeam},
).add(
	"app.update.description",
	"app.update.tags",
	"app.update.log",
	"app.update.pool",
	"app.update.unit.add",
	"app.update.unit.remove",
	"app.update.unit.register",
	"app.update.unit.status",
	"app.update.env.set",
	"app.update.env.unset",
	"app.update.restart",
	"app.update.sleep",
	"app.update.start",
	"app.update.stop",
	"app.update.swap",
	"app.update.grant",
	"app.update.revoke",
	"app.update.teamowner",
	"app.update.cname.add",
	"app.update.cname.remove",
	"app.update.plan",
	"app.update.platform",
	"app.update.bind",
	"app.update.bind-volume",
	"app.update.image-reset",
	"app.update.events",
	"app.update.unbind",
	"app.update.unbind-volume",
	"app.update.certificate.set",
	"app.update.certificate.unset",
	"app.update.deploy.rollback",
	"app.update.router.add",
	"app.update.router.update",
	"app.update.router.remove",
	"app.deploy",
	"app.deploy.archive-url",
	"app.deploy.build",
	"app.deploy.git",
	"app.deploy.image",
	"app.deploy.rollback",
	"app.deploy.upload",
	"app.read",
	"app.read.deploy",
	"app.read.router",
	"app.read.env",
	"app.read.events",
	"app.read.metric",
	"app.read.log",
	"app.read.certificate",
	"app.delete",
	"app.run",
	"app.run.shell",
	"app.admin.unlock",
	"app.admin.routes",
	"app.admin.quota",
	"app.build",
).addWithCtx(
	"node", []contextType{CtxPool},
).add(
	"node.create",
	"node.read",
	"node.update.move.container",
	"node.update.move.containers",
	"node.update.rebalance",
	"node.delete",
).addWithCtx(
	"node.autoscale", []contextType{},
).add(
	"node.autoscale.update",
	"node.autoscale.update.run",
	"node.autoscale.read",
	"node.autoscale.delete",
).addWithCtx(
	"machine", []contextType{CtxIaaS},
).add(
	"machine.delete",
	"machine.read",
	"machine.read.events",
	"machine.template.create",
	"machine.template.delete",
	"machine.template.update",
	"machine.template.read",
).addWithCtx(
	"team", []contextType{CtxTeam},
).addWithCtx(
	"team.create", []contextType{},
).add(
	"team.read.events",
	"team.delete",
	"team.update",
).addWithCtx(
	"user", []contextType{CtxUser},
).addWithCtx(
	"user.create", []contextType{},
).add(
	"user.delete",
	"user.read.events",
	"user.update.token",
	"user.update.quota",
	"user.update.password",
	"user.update.reset",
	"user.update.key.add",
	"user.update.key.remove",
).addWithCtx(
	"service", []contextType{CtxService, CtxTeam},
).addWithCtx(
	"service.create", []contextType{CtxTeam},
).add(
	"service.read.doc",
	"service.read.plans",
	"service.read.events",
	"service.update.proxy",
	"service.update.revoke-access",
	"service.update.grant-access",
	"service.update.doc",
	"service.delete",
).addWithCtx(
	"service-instance", []contextType{CtxServiceInstance, CtxTeam},
).addWithCtx(
	"service-instance.create", []contextType{CtxTeam},
).add(
	"service-instance.read.events",
	"service-instance.read.status",
	"service-instance.delete",
	"service-instance.update.proxy",
	"service-instance.update.bind",
	"service-instance.update.unbind",
	"service-instance.update.grant",
	"service-instance.update.revoke",
	"service-instance.update.description",
	"service-instance.update.tags",
	"service-instance.update.teamowner",
	"service-instance.update.plan",
).add(
	"role.create",
	"role.delete",
	"role.read.events",
	"role.update.name",
	"role.update.assign",
	"role.update.dissociate",
	"role.update.description",
	"role.update.context.type",
	"role.update.permission.add",
	"role.update.permission.remove",
	"role.default.create",
	"role.default.delete",
).add(
	"platform.create",
	"platform.delete",
	"platform.update",
	"platform.read.events",
).add(
	"plan.create",
	"plan.delete",
	"plan.read.events",
).addWithCtx(
	"pool", []contextType{CtxPool},
).addWithCtx(
	"pool.create", []contextType{},
).add(
	"pool.read.events",
	"pool.update.team.add",
	"pool.update.team.remove",
	"pool.update.constraints.set",
	"pool.read.constraints",
	"pool.update.logs",
	"pool.delete",
).add(
	"debug",
).add(
	"healing.read",
).addWithCtx(
	"healing", []contextType{CtxPool},
).add(
	"healing.read",
	"healing.update",
	"healing.delete",
).addWithCtx(
	"nodecontainer", []contextType{CtxPool},
).add(
	"nodecontainer.create",
	"nodecontainer.read",
	"nodecontainer.update",
	"nodecontainer.update.upgrade",
	"nodecontainer.delete",
).add(
	"install.manage",
).add(
	"event-block.read",
	"event-block.read.events",
	"event-block.add",
	"event-block.remove",
).add(
	"cluster.read.events",
	"cluster.create",
	"cluster.update",
	"cluster.delete",
).addWithCtx(
	"volume", []contextType{CtxVolume, CtxTeam, CtxPool},
).addWithCtx(
	"volume.create", []contextType{CtxTeam, CtxPool},
).add(
	"volume.read.events",
	"volume.update.bind",
	"volume.update.unbind",
	"volume.delete",
)

Functions

func Check

func Check(token Token, scheme *PermissionScheme, contexts ...PermissionContext) bool

func CheckFromPermList

func CheckFromPermList(perms []Permission, scheme *PermissionScheme, contexts ...PermissionContext) bool

func DestroyRole

func DestroyRole(name string) error

func ListContextValues

func ListContextValues(t Token, scheme *PermissionScheme, failIfEmpty bool) ([]string, error)

func ParseContext

func ParseContext(ctx string) (contextType, error)

func TeamForPermission

func TeamForPermission(t Token, scheme *PermissionScheme) (string, error)

Types

type ErrPermissionNotAllowed

type ErrPermissionNotAllowed struct {
	// contains filtered or unexported fields
}

func (ErrPermissionNotAllowed) Error

func (e ErrPermissionNotAllowed) Error() string

type ErrPermissionNotFound

type ErrPermissionNotFound struct {
	// contains filtered or unexported fields
}

func (ErrPermissionNotFound) Error

func (e ErrPermissionNotFound) Error() string

type ErrRoleEventWrongContext

type ErrRoleEventWrongContext struct {
	// contains filtered or unexported fields
}

func (ErrRoleEventWrongContext) Error

func (e ErrRoleEventWrongContext) Error() string

type Permission

type Permission struct {
	Scheme  *PermissionScheme
	Context PermissionContext
}

func (*Permission) String

func (p *Permission) String() string

type PermissionContext

type PermissionContext struct {
	CtxType contextType
	Value   string
}

func Context

func Context(t contextType, v string) PermissionContext

func Contexts

func Contexts(t contextType, values []string) []PermissionContext

func ContextsForPermission

func ContextsForPermission(token Token, scheme *PermissionScheme, ctxTypes ...contextType) []PermissionContext

func ContextsFromListForPermission

func ContextsFromListForPermission(perms []Permission, scheme *PermissionScheme, ctxTypes ...contextType) []PermissionContext

type PermissionScheme

type PermissionScheme struct {
	// contains filtered or unexported fields
}

func SafeGet

func SafeGet(name string) (*PermissionScheme, error)

func (*PermissionScheme) AllowedContexts

func (s *PermissionScheme) AllowedContexts() []contextType

func (*PermissionScheme) FullName

func (s *PermissionScheme) FullName() string

func (*PermissionScheme) Identifier

func (s *PermissionScheme) Identifier() string

func (*PermissionScheme) IsParent

func (s *PermissionScheme) IsParent(other *PermissionScheme) bool

type PermissionSchemeList

type PermissionSchemeList []*PermissionScheme

func (PermissionSchemeList) Len

func (l PermissionSchemeList) Len() int

func (PermissionSchemeList) Less

func (l PermissionSchemeList) Less(i, j int) bool

func (PermissionSchemeList) Swap

func (l PermissionSchemeList) Swap(i, j int)

type Role

type Role struct {
	Name        string      `bson:"_id" json:"name"`
	ContextType contextType `json:"context"`
	Description string
	SchemeNames []string `json:"scheme_names,omitempty"`
	Events      []string `json:"events,omitempty"`
}

func FindRole

func FindRole(name string) (Role, error)

func ListRoles

func ListRoles() ([]Role, error)

func ListRolesForEvent

func ListRolesForEvent(evt *RoleEvent) ([]Role, error)

func ListRolesWithEvents

func ListRolesWithEvents() ([]Role, error)

func NewRole

func NewRole(name string, ctx string, description string) (Role, error)

func (*Role) Add

func (r *Role) Add() error

func (*Role) AddEvent

func (r *Role) AddEvent(eventName string) error

func (*Role) AddPermissions

func (r *Role) AddPermissions(permNames ...string) error

func (*Role) PermissionsFor

func (r *Role) PermissionsFor(contextValue string) []Permission

func (*Role) RemoveEvent

func (r *Role) RemoveEvent(eventName string) error

func (*Role) RemovePermissions

func (r *Role) RemovePermissions(permNames ...string) error

func (*Role) Update

func (r *Role) Update() error

type RoleEvent

type RoleEvent struct {
	Description string
	// contains filtered or unexported fields
}

func (*RoleEvent) String

func (e *RoleEvent) String() string

type Token

type Token interface {
	Permissions() ([]Permission, error)
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL