authz


Constants

const (
	// RoleAssignmentListKind represents the canonical RoleAssignmentList kind
	// string. It is presumably the "kind" value that RoleAssignmentList's
	// MarshalJSON stamps onto serialized lists (that body is not shown on this
	// page — confirm).
	RoleAssignmentListKind = "RoleAssignmentList"

	// PrincipalTypeServiceAccount represents a principal that is a
	// ServiceAccount.
	PrincipalTypeServiceAccount libAuthz.PrincipalType = "SERVICE_ACCOUNT"
	// PrincipalTypeUser represents a principal that is a User.
	//
	// These two are the only PrincipalType values this package declares; code
	// that switches on a PrincipalType should reject any other value rather
	// than fall through to a permissive default.
	PrincipalTypeUser libAuthz.PrincipalType = "USER"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type MockRoleAssignmentsStore

// MockRoleAssignmentsStore is a test double for RoleAssignmentsStore whose
// behavior is scripted through its function fields.
//
// NOTE(review): the method bodies (Exists, Grant, List, Revoke) are not shown
// on this page; each is presumably a straight delegation to the same-named
// *Fn field — confirm in the source, including what happens when a field is
// left nil.
type MockRoleAssignmentsStore struct {
	// GrantFn scripts Grant.
	GrantFn func(context.Context, libAuthz.RoleAssignment) error
	// ListFn scripts List.
	ListFn  func(
		context.Context,
		RoleAssignmentsSelector,
		meta.ListOptions,
	) (RoleAssignmentList, error)
	// RevokeFn scripts Revoke.
	RevokeFn func(context.Context, libAuthz.RoleAssignment) error
	// ExistsFn scripts Exists. Tests that drive an authorization decision
	// through this mock should cover both the (false, nil) and the (_, err)
	// outcomes separately, because the RoleAssignmentsStore contract keeps
	// "does not exist" and "lookup failed" distinct.
	ExistsFn func(context.Context, libAuthz.RoleAssignment) (bool, error)
}

func (*MockRoleAssignmentsStore) Exists

// Exists satisfies RoleAssignmentsStore. The body is not shown on this page;
// it presumably delegates to m.ExistsFn — confirm in the source.
func (m *MockRoleAssignmentsStore) Exists(
	ctx context.Context,
	roleAssignment libAuthz.RoleAssignment,
) (bool, error)

func (*MockRoleAssignmentsStore) Grant

// Grant satisfies RoleAssignmentsStore. The body is not shown on this page;
// it presumably delegates to m.GrantFn — confirm in the source.
func (m *MockRoleAssignmentsStore) Grant(
	ctx context.Context,
	roleAssignment libAuthz.RoleAssignment,
) error

func (*MockRoleAssignmentsStore) List

func (*MockRoleAssignmentsStore) Revoke

// Revoke satisfies RoleAssignmentsStore. The body is not shown on this page;
// it presumably delegates to m.RevokeFn — confirm in the source.
func (m *MockRoleAssignmentsStore) Revoke(
	ctx context.Context,
	roleAssignment libAuthz.RoleAssignment,
) error

type RoleAssignmentList

// RoleAssignmentList is an ordered and pageable list of system-level
// RoleAssignments.
type RoleAssignmentList struct {
	// ListMeta contains list metadata (embedded; serialized under "metadata").
	meta.ListMeta `json:"metadata"`
	// Items is a slice of RoleAssignments. Because of omitempty, a nil or empty
	// slice is dropped from the JSON rather than encoded as [].
	Items []libAuthz.RoleAssignment `json:"items,omitempty"`
}

RoleAssignmentList is an ordered and pageable list of system-level RoleAssignments.

func (RoleAssignmentList) MarshalJSON

// MarshalJSON amends RoleAssignmentList instances with type metadata. The body
// is not shown on this page; it presumably adds RoleAssignmentListKind
// alongside the struct's tagged fields — confirm in the source.
func (r RoleAssignmentList) MarshalJSON() ([]byte, error)

MarshalJSON amends RoleAssignmentList instances with type metadata.

type RoleAssignmentsSelector

// RoleAssignmentsSelector represents useful filter criteria when selecting
// multiple RoleAssignments for API group operations like list.
type RoleAssignmentsSelector struct {
	// Principal specifies that only RoleAssignments for the specified principal
	// should be selected. A nil Principal presumably means "any principal" —
	// confirm against the store implementation.
	Principal *libAuthz.PrincipalReference
	// Role specifies that only RoleAssignments for the specified Role should be
	// selected. Unlike Principal this is a value, not a pointer, so the
	// zero-value Role is the only way to express "no role filter";
	// NOTE(review): verify the store treats the zero value as "any role" rather
	// than matching an empty role name literally.
	Role libAuthz.Role
}

RoleAssignmentsSelector represents useful filter criteria when selecting multiple RoleAssignments for API group operations like list.

type RoleAssignmentsService

// RoleAssignmentsService is the specialized interface for managing
// RoleAssignments. It's decoupled from underlying technology choices (data
// store, message bus, etc.) to keep business logic reusable and consistent
// while the underlying tech stack remains free to change.
//
// NOTE(review): NewRoleAssignmentsService takes a libAuthz.AuthorizeFn, so the
// service layer is presumably where the caller's own permission to grant,
// list or revoke is checked; callers should not assume a check happened
// earlier — confirm each method consults authorizeFn.
type RoleAssignmentsService interface {
	// Grant grants the Role specified by the RoleAssignment to the principal also
	// specified by the RoleAssignment. If the specified principal does not exist,
	// implementations must return a *meta.ErrNotFound error.
	Grant(ctx context.Context, roleAssignment libAuthz.RoleAssignment) error

	// List returns a RoleAssignmentList, with its Items (RoleAssignments)
	// ordered by principal type, principalID, role, and scope. Criteria for which
	// RoleAssignments should be retrieved can be specified using the
	// RoleAssignmentsSelector parameter.
	List(
		context.Context,
		RoleAssignmentsSelector,
		meta.ListOptions,
	) (RoleAssignmentList, error)

	// Revoke revokes the Role specified by the RoleAssignment for the principal
	// also specified by the RoleAssignment. If the specified principal does not
	// exist, implementations must return a *meta.ErrNotFound error.
	Revoke(ctx context.Context, roleAssignment libAuthz.RoleAssignment) error
}

RoleAssignmentsService is the specialized interface for managing RoleAssignments. It's decoupled from underlying technology choices (e.g. data store, message bus, etc.) to keep business logic reusable and consistent while the underlying tech stack remains free to change.

func NewRoleAssignmentsService

// NewRoleAssignmentsService returns a specialized interface for managing
// RoleAssignments.
//
// The body is not shown on this page; the roles of the parameters below are
// inferred from their types and should be confirmed in the source:
//   - authorizeFn: presumably the check that gates Grant/List/Revoke on the
//     caller's own permissions.
//   - usersStore, serviceAccountsStore: presumably used to verify that the
//     principal named in a RoleAssignment exists, backing the
//     *meta.ErrNotFound contract on Grant and Revoke.
//   - roleAssignmentsStore: the persistence backend for RoleAssignments.
func NewRoleAssignmentsService(
	authorizeFn libAuthz.AuthorizeFn,
	usersStore authn.UsersStore,
	serviceAccountsStore authn.ServiceAccountsStore,
	roleAssignmentsStore RoleAssignmentsStore,
) RoleAssignmentsService

NewRoleAssignmentsService returns a specialized interface for managing RoleAssignments.

type RoleAssignmentsStore

// RoleAssignmentsStore is an interface for components that implement
// RoleAssignment persistence concerns.
type RoleAssignmentsStore interface {
	// Grant the role specified by the RoleAssignment to the principal specified
	// by the RoleAssignment. No *meta.ErrNotFound behavior for an unknown
	// principal is specified at this layer (contrast RoleAssignmentsService);
	// that check presumably belongs to the service — confirm.
	Grant(context.Context, libAuthz.RoleAssignment) error
	// List returns a RoleAssignmentList, with its Items (system-level
	// RoleAssignments) ordered by principal type, principalID, role name, and
	// scope. Criteria for which RoleAssignments should be retrieved can be
	// specified using the RoleAssignmentsSelector parameter.
	List(
		context.Context,
		RoleAssignmentsSelector,
		meta.ListOptions,
	) (RoleAssignmentList, error)
	// Revoke the role specified by the RoleAssignment for the principal specified
	// by the RoleAssignment.
	Revoke(context.Context, libAuthz.RoleAssignment) error
	// Exists returns a bool indicating whether the specified RoleAssignment
	// exists within the store. Implementations MUST also return true if a
	// RoleAssignment exists in the store that logically "overlaps" the specified
	// RoleAssignment. For instance, when seeking to determine whether a
	// RoleAssignment exists that endows some principal P with Role X having scope
	// Y, and such a RoleAssignment does not exist, but one does that endows that
	// principal P with Role X having GLOBAL SCOPE (*), then true MUST be
	// returned. Implementations MUST also return an error if and only if anything
	// goes wrong. i.e. Errors are never used to communicate that the specified
	// RoleAssignment does not exist in the store. They are only used to convey an
	// actual failure.
	//
	// Consequently, a caller using Exists to make an authorization decision
	// must treat a non-nil error as a failed check (deny / surface the error),
	// never as "not assigned", and must only grant on (true, nil).
	Exists(context.Context, libAuthz.RoleAssignment) (bool, error)
}

RoleAssignmentsStore is an interface for components that implement RoleAssignment persistence concerns.
