Documentation ¶
Overview ¶
Package rbacpolicies contains functionality for working with Neutron RBAC Policies. Role-Based Access Control (RBAC) policy framework enables both operators and users to grant access to resources for specific projects.
Sharing an object with a specific project is accomplished by creating a policy entry that permits the target project the access_as_shared action on that object.
To make a network available as an external network for specific projects rather than all projects, use the access_as_external action. If a network is marked as external during creation, it now implicitly creates a wildcard RBAC policy granting everyone access to preserve previous behavior before this feature was added.
Example to Create a RBAC Policy
createOpts := rbacpolicies.CreateOpts{ Action: rbacpolicies.ActionAccessShared, ObjectType: "network", TargetTenant: "6e547a3bcfe44702889fdeff3c3520c3", ObjectID: "240d22bf-bd17-4238-9758-25f72610ecdc" } rbacPolicy, err := rbacpolicies.Create(rbacClient, createOpts).Extract() if err != nil { panic(err) }
Example to List RBAC Policies
listOpts := rbacpolicies.ListOpts{ TenantID: "a99e9b4e620e4db09a2dfb6e42a01e66", } allPages, err := rbacpolicies.List(rbacClient, listOpts).AllPages() if err != nil { panic(err) } allRBACPolicies, err := rbacpolicies.ExtractRBACPolicies(allPages) if err != nil { panic(err) } for _, rbacpolicy := range allRBACPolicies { fmt.Printf("%+v", rbacpolicy) }
Example to Delete a RBAC Policy
rbacPolicyID := "94fe107f-da78-4d92-a9d7-5611b06dad8d" err := rbacpolicies.Delete(rbacClient, rbacPolicyID).ExtractErr() if err != nil { panic(err) }
Example to Get RBAC Policy by ID
rbacPolicyID := "94fe107f-da78-4d92-a9d7-5611b06dad8d" rbacpolicy, err := rbacpolicies.Get(rbacClient, rbacPolicyID).Extract() if err != nil { panic(err) } fmt.Printf("%+v", rbacpolicy)
Example to Update a RBAC Policy
rbacPolicyID := "570b0306-afb5-4d3b-ab47-458fdc16baaa" updateOpts := rbacpolicies.UpdateOpts{ TargetTenant: "9d766060b6354c9e8e2da44cab0e8f38", } rbacPolicy, err := rbacpolicies.Update(rbacClient, rbacPolicyID, updateOpts).Extract() if err != nil { panic(err) }
Index ¶
- func ExtractRBACPolicesInto(r pagination.Page, v interface{}) error
- func List(c *gophercloud.ServiceClient, opts ListOptsBuilder) pagination.Pager
- type CreateOpts
- type CreateOptsBuilder
- type CreateResult
- type DeleteResult
- type GetResult
- type ListOpts
- type ListOptsBuilder
- type PolicyAction
- type RBACPolicy
- type RBACPolicyPage
- type UpdateOpts
- type UpdateOptsBuilder
- type UpdateResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractRBACPolicesInto ¶
func ExtractRBACPolicesInto(r pagination.Page, v interface{}) error
ExtractRBACPolicesInto extracts the elements into a slice of RBAC Policy structs.
func List ¶
func List(c *gophercloud.ServiceClient, opts ListOptsBuilder) pagination.Pager
List returns a Pager which allows you to iterate over a collection of rbac policies. It accepts a ListOpts struct, which allows you to filter and sort the returned collection for greater efficiency.
Types ¶
type CreateOpts ¶
type CreateOpts struct { Action PolicyAction `json:"action" required:"true"` ObjectType string `json:"object_type" required:"true"` TargetTenant string `json:"target_tenant" required:"true"` ObjectID string `json:"object_id" required:"true"` }
CreateOpts represents options used to create a rbac-policy.
func (CreateOpts) ToRBACPolicyCreateMap ¶
func (opts CreateOpts) ToRBACPolicyCreateMap() (map[string]interface{}, error)
ToRBACPolicyCreateMap builds a request body from CreateOpts.
type CreateOptsBuilder ¶
CreateOptsBuilder allows extensions to add additional parameters to the Create request.
type CreateResult ¶
type CreateResult struct {
// contains filtered or unexported fields
}
CreateResult represents the result of a create operation. Call its Extract method to interpret it as a RBAC Policy.
func Create ¶
func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult)
Create accepts a CreateOpts struct and creates a new rbac-policy using the values provided.
The tenant ID that is contained in the URI is the tenant that creates the rbac-policy.
func (CreateResult) Extract ¶
func (r CreateResult) Extract() (*RBACPolicy, error)
Extract is a function that accepts a result and extracts RBAC Policy resource.
func (CreateResult) ExtractInto ¶
func (r CreateResult) ExtractInto(v interface{}) error
type DeleteResult ¶
type DeleteResult struct {
gophercloud.ErrResult
}
DeleteResult represents the result of a delete operation. Call its ExtractErr method to determine if the request succeeded or failed.
func Delete ¶
func Delete(c *gophercloud.ServiceClient, rbacPolicyID string) (r DeleteResult)
Delete accepts a unique ID and deletes the rbac-policy associated with it.
type GetResult ¶
type GetResult struct {
// contains filtered or unexported fields
}
GetResult represents the result of a get operation. Call its Extract method to interpret it as a RBAC Policy.
func (GetResult) Extract ¶
func (r GetResult) Extract() (*RBACPolicy, error)
Extract is a function that accepts a result and extracts RBAC Policy resource.
func (GetResult) ExtractInto ¶
func (r GetResult) ExtractInto(v interface{}) error
type ListOpts ¶
type ListOpts struct { TargetTenant string `q:"target_tenant"` ObjectType string `q:"object_type"` ObjectID string `q:"object_id"` Action PolicyAction `q:"action"` TenantID string `q:"tenant_id"` ProjectID string `q:"project_id"` Marker string `q:"marker"` Limit int `q:"limit"` SortKey string `q:"sort_key"` SortDir string `q:"sort_dir"` Tags string `q:"tags"` TagsAny string `q:"tags-any"` NotTags string `q:"not-tags"` NotTagsAny string `q:"not-tags-any"` }
ListOpts allows the filtering and sorting of paginated collections through the API. Filtering is achieved by passing in struct field values that map to the rbac attributes you want to see returned. SortKey allows you to sort by a particular rbac attribute. SortDir sets the direction, and is either `asc' or `desc'. Marker and Limit are used for pagination.
func (ListOpts) ToRBACPolicyListQuery ¶
ToRBACPolicyListQuery formats a ListOpts into a query string.
type ListOptsBuilder ¶
ListOptsBuilder allows extensions to add additional parameters to the List request.
type PolicyAction ¶
type PolicyAction string
PolicyAction maps to Action for the RBAC policy. Which allows access_as_external or access_as_shared.
const ( // ActionAccessExternal returns Action for the RBAC policy as access_as_external. ActionAccessExternal PolicyAction = "access_as_external" ActionAccessShared PolicyAction = "access_as_shared" )
type RBACPolicy ¶
type RBACPolicy struct { // UUID of the RBAC policy. ID string `json:"id"` // Action for the RBAC policy which is access_as_external or access_as_shared. Action PolicyAction `json:"action"` // ObjectID is the ID of the object_type resource. // An object_type of network returns a network ID and // object_type of qos-policy returns a QoS ID. ObjectID string `json:"object_id"` // ObjectType is the type of the object that the RBAC policy affects. // Types include qos-policy or network. ObjectType string `json:"object_type"` // TenantID is the ID of the project that owns the resource. TenantID string `json:"tenant_id"` // TargetTenant is the ID of the tenant to which the RBAC policy will be enforced. TargetTenant string `json:"target_tenant"` // ProjectID is the ID of the project. ProjectID string `json:"project_id"` // Tags optionally set via extensions/attributestags Tags []string `json:"tags"` }
RBACPolicy represents a RBAC policy.
func ExtractRBACPolicies ¶
func ExtractRBACPolicies(r pagination.Page) ([]RBACPolicy, error)
ExtractRBACPolicies accepts a Page struct, specifically a RBAC Policy struct, and extracts the elements into a slice of RBAC Policy structs. In other words, a generic collection is mapped into a relevant slice.
type RBACPolicyPage ¶
type RBACPolicyPage struct {
pagination.LinkedPageBase
}
RBACPolicyPage is the page returned by a pager when traversing over a collection of rbac policies.
func (RBACPolicyPage) IsEmpty ¶
func (r RBACPolicyPage) IsEmpty() (bool, error)
IsEmpty checks whether a RBACPolicyPage struct is empty.
type UpdateOpts ¶
type UpdateOpts struct {
TargetTenant string `json:"target_tenant" required:"true"`
}
UpdateOpts represents options used to update a rbac-policy.
func (UpdateOpts) ToRBACPolicyUpdateMap ¶
func (opts UpdateOpts) ToRBACPolicyUpdateMap() (map[string]interface{}, error)
ToRBACPolicyUpdateMap builds a request body from UpdateOpts.
type UpdateOptsBuilder ¶
UpdateOptsBuilder allows extensions to add additional parameters to the Update request.
type UpdateResult ¶
type UpdateResult struct {
// contains filtered or unexported fields
}
UpdateResult represents the result of an update operation. Call its Extract method to interpret it as a RBAC Policy.
func Update ¶
func Update(c *gophercloud.ServiceClient, rbacPolicyID string, opts UpdateOptsBuilder) (r UpdateResult)
Update accepts a UpdateOpts struct and updates an existing rbac-policy using the values provided.
func (UpdateResult) Extract ¶
func (r UpdateResult) Extract() (*RBACPolicy, error)
Extract is a function that accepts a result and extracts RBAC Policy resource.
func (UpdateResult) ExtractInto ¶
func (r UpdateResult) ExtractInto(v interface{}) error