Overview ¶
Authorization package
Index ¶
Constants ¶
const (
	// Actions a policy can grant on a resource.
	ActionRead   = "read"
	ActionList   = "list"
	ActionCreate = "create"
	ActionUpdate = "update"
	ActionDelete = "delete"

	// Resources that policies are defined against.
	ResourceWorkflowContract      = "workflow_contract"
	ResourceCASArtifact           = "cas_artifact"
	ResourceCASBackend            = "cas_backend"
	ResourceReferrer              = "referrer"
	ResourceAvailableIntegration  = "integration_available"
	ResourceRegisteredIntegration = "integration_registered"
	ResourceAttachedIntegration   = "integration_attached"
	ResourceOrgMetric             = "metrics_org"
	ResourceRobotAccount          = "robot_account"
	ResourceWorkflowRun           = "workflow_run"
	ResourceWorkflow              = "workflow"
	// Organization is used as a Policy resource (PolicyOrganizationRead);
	// UserMembership presumably is one too. Neither carries the Resource
	// prefix the constants above use — confirm before relying on the naming.
	UserMembership = "membership_user"
	Organization   = "organization"

	// We have for now three roles: viewer, admin and owner.
	// These roles are hierarchical: the Owner role inherits all the policies
	// from Admin, and Admin in turn inherits all the policies from Viewer.
	// NOTE(review): the inheritance itself is not expressed by these values;
	// it presumably lives in the casbin model/policy definition — confirm there.

	// RoleOwner is the owner of an org.
	RoleOwner Role = "role:org:owner"
	// RoleAdmin is the administrator of an org.
	RoleAdmin Role = "role:org:admin"
	// RoleViewer is the read-only viewer of an org.
	RoleViewer Role = "role:org:viewer"
)
Variables ¶
// Policies are (resource, action) pairs that ServerOperationsMap attaches to
// server operations. The Policy type is defined elsewhere; the positional
// literals below assume its field order is resource first, then action.
var (
	// Referrer
	PolicyReferrerRead = &Policy{ResourceReferrer, ActionRead}
	// Artifact
	PolicyArtifactDownload = &Policy{ResourceCASArtifact, ActionRead}
	PolicyArtifactUpload   = &Policy{ResourceCASArtifact, ActionCreate}
	// CAS backend
	PolicyCASBackendList = &Policy{ResourceCASBackend, ActionList}
	// Available integrations
	PolicyAvailableIntegrationList = &Policy{ResourceAvailableIntegration, ActionList}
	PolicyAvailableIntegrationRead = &Policy{ResourceAvailableIntegration, ActionRead}
	// Registered integrations
	PolicyRegisteredIntegrationList = &Policy{ResourceRegisteredIntegration, ActionList}
	PolicyRegisteredIntegrationRead = &Policy{ResourceRegisteredIntegration, ActionRead}
	PolicyRegisteredIntegrationAdd  = &Policy{ResourceRegisteredIntegration, ActionCreate}
	// Attached integrations
	PolicyAttachedIntegrationList   = &Policy{ResourceAttachedIntegration, ActionList}
	PolicyAttachedIntegrationAttach = &Policy{ResourceAttachedIntegration, ActionCreate}
	// Org Metrics
	// NOTE(review): named Read but grants ActionList rather than ActionRead —
	// confirm this is intended, since the name is what reviewers will read.
	PolicyOrgMetricsRead = &Policy{ResourceOrgMetric, ActionList}
	// Robot Account
	PolicyRobotAccountList   = &Policy{ResourceRobotAccount, ActionList}
	PolicyRobotAccountCreate = &Policy{ResourceRobotAccount, ActionCreate}
	// Workflow Contract
	PolicyWorkflowContractList   = &Policy{ResourceWorkflowContract, ActionList}
	PolicyWorkflowContractRead   = &Policy{ResourceWorkflowContract, ActionRead}
	PolicyWorkflowContractUpdate = &Policy{ResourceWorkflowContract, ActionUpdate}
	// WorkflowRun
	PolicyWorkflowRunList = &Policy{ResourceWorkflowRun, ActionList}
	PolicyWorkflowRunRead = &Policy{ResourceWorkflowRun, ActionRead}
	// Workflow
	PolicyWorkflowList   = &Policy{ResourceWorkflow, ActionList}
	PolicyWorkflowRead   = &Policy{ResourceWorkflow, ActionRead}
	PolicyWorkflowCreate = &Policy{ResourceWorkflow, ActionCreate}
	// Organization (the original comment said "User Membership", but the
	// resource is Organization)
	PolicyOrganizationRead = &Policy{Organization, ActionRead}
)
// ServerOperationsMap maps a server operation (a gRPC full method name) to the
// policies a subject must hold to perform it. When more than one policy is
// listed, all of them must be satisfied.
//
// An empty list means no resource/action policy is attached to the operation.
// NOTE(review): confirm in the enforcing interceptor how an empty list is
// treated (presumably "allowed for any authenticated subject"); several of the
// unguarded entries are state-changing (OrganizationService/Create,
// UserService/DeleteMembership, AuthService/DeleteAccount), so that behaviour
// deserves an explicit test. Note also that ActionDelete is declared but no
// policy uses it.
//
// NOTE(review): the OrgMetricsService key ends in ".*", which suggests keys are
// matched as patterns rather than compared literally — confirm in the lookup
// code, since a pattern key would not be found by a plain map index.
var ServerOperationsMap = map[string][]*Policy{
	"/controlplane.v1.ReferrerService/DiscoverPrivate": {PolicyReferrerRead},
	"/controlplane.v1.CASCredentialsService/Get":       {},
	"/controlplane.v1.CASRedirectService/DownloadRedirect": {PolicyArtifactDownload},
	"/controlplane.v1.CASRedirectService/GetDownloadURL":   {PolicyArtifactDownload},
	"/controlplane.v1.CASBackendService/List":              {PolicyCASBackendList},
	// Both policies are required: listing available integrations implies reading them.
	"/controlplane.v1.IntegrationsService/ListAvailable":        {PolicyAvailableIntegrationList, PolicyAvailableIntegrationRead},
	"/controlplane.v1.IntegrationsService/ListRegistrations":    {PolicyRegisteredIntegrationList},
	"/controlplane.v1.IntegrationsService/DescribeRegistration": {PolicyRegisteredIntegrationRead},
	"/controlplane.v1.IntegrationsService/Register":             {PolicyRegisteredIntegrationAdd},
	"/controlplane.v1.IntegrationsService/ListAttachments":      {PolicyAttachedIntegrationList},
	"/controlplane.v1.IntegrationsService/Attach":               {PolicyAttachedIntegrationAttach},
	"/controlplane.v1.OrgMetricsService/.*":                     {PolicyOrgMetricsRead},
	"/controlplane.v1.RobotAccountService/List":                 {PolicyRobotAccountList},
	"/controlplane.v1.RobotAccountService/Create":               {PolicyRobotAccountCreate},
	"/controlplane.v1.WorkflowService/List":                     {PolicyWorkflowList},
	"/controlplane.v1.WorkflowService/View":                     {PolicyWorkflowRead},
	"/controlplane.v1.WorkflowService/Create":                   {PolicyWorkflowCreate},
	"/controlplane.v1.WorkflowRunService/List":                  {PolicyWorkflowRunList},
	"/controlplane.v1.WorkflowRunService/View":                  {PolicyWorkflowRunRead},
	"/controlplane.v1.WorkflowContractService/List":             {PolicyWorkflowContractList},
	"/controlplane.v1.WorkflowContractService/Describe":         {PolicyWorkflowContractRead},
	"/controlplane.v1.WorkflowContractService/Update":           {PolicyWorkflowContractUpdate},
	"/controlplane.v1.ContextService/Current":                   {PolicyOrganizationRead},
	// Operations with no attached policy (see the type comment above).
	"/controlplane.v1.OrganizationService/Create":      {},
	"/controlplane.v1.UserService/ListMemberships":     {},
	"/controlplane.v1.UserService/SetCurrentMembership": {},
	"/controlplane.v1.UserService/DeleteMembership":    {},
	"/controlplane.v1.AuthService/DeleteAccount":       {},
}
ServerOperationsMap is a map of server operations to the ResourceAction tuples that are required to perform the operation. If it contains more than one policy, all of them need to be true.
Functions ¶
This section is empty.
Types ¶
type Enforcer ¶
// Enforcer wraps a casbin enforcer with helpers for managing the policies of a
// SubjectAPIToken (AddPolicies, ClearPolicies). Construct it with
// NewDatabaseEnforcer or NewFiletypeEnforcer rather than using the zero value,
// whose embedded *casbin.Enforcer is nil.
type Enforcer struct {
	*casbin.Enforcer
}
func NewDatabaseEnforcer ¶
func NewDatabaseEnforcer(c *conf.Data_Database) (*Enforcer, error)
NewDatabaseEnforcer creates a new casbin authorization enforcer that uses a database as its policy storage backend.
func NewFiletypeEnforcer ¶
NewFiletypeEnforcer creates a new casbin authorization enforcer that uses a CSV file as its policy storage backend.
func (*Enforcer) AddPolicies ¶
func (e *Enforcer) AddPolicies(sub *SubjectAPIToken, policies ...*Policy) error
func (*Enforcer) ClearPolicies ¶
func (e *Enforcer) ClearPolicies(sub *SubjectAPIToken) error
ClearPolicies removes all the policies for the given subject.
type Role ¶
// Role is the name of an organization-level role assigned to a subject.
// The known values are RoleOwner, RoleAdmin and RoleViewer; Values is meant
// to expose them to the ent schema as enum values.
type Role string
func (Role) Values ¶
Values implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues so the role values can be added to the database schema.
type SubjectAPIToken ¶
// SubjectAPIToken is the casbin subject used for an API token; it is the
// subject AddPolicies and ClearPolicies operate on.
type SubjectAPIToken struct {
	// ID is the token identifier. String() presumably derives the casbin
	// subject name from it — its body is not shown here, confirm.
	ID string
}
func (*SubjectAPIToken) String ¶
func (t *SubjectAPIToken) String() string