rbacpolicies

package
v0.0.0-...-56e5f01 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 30, 2024 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Package rbacpolicies contains functionality for working with Neutron RBAC Policies. The Role-Based Access Control (RBAC) policy framework enables both operators and users to grant access to resources for specific projects.

Sharing an object with a specific project is accomplished by creating a policy entry that permits the target project the access_as_shared action on that object.

To make a network available as an external network for specific projects rather than all projects, use the access_as_external action. Marking a network as external during creation now implicitly creates a wildcard RBAC policy that grants every project access, which preserves the behavior from before this feature was added.

Example to Create an RBAC Policy

	// Share one network with a single target project.
	createOpts := rbacpolicies.CreateOpts{
		Action:       rbacpolicies.ActionAccessShared,
		ObjectType:   "network",
		TargetTenant: "6e547a3bcfe44702889fdeff3c3520c3",
		ObjectID:     "240d22bf-bd17-4238-9758-25f72610ecdc",
	}

	rbacPolicy, err := rbacpolicies.Create(rbacClient, createOpts).Extract()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v", rbacPolicy)

Example to List RBAC Policies

	listOpts := rbacpolicies.ListOpts{
		TenantID: "a99e9b4e620e4db09a2dfb6e42a01e66",
	}

	allPages, err := rbacpolicies.List(rbacClient, listOpts).AllPages()
	if err != nil {
		panic(err)
	}

	allRBACPolicies, err := rbacpolicies.ExtractRBACPolicies(allPages)
	if err != nil {
		panic(err)
	}

	for _, rbacpolicy := range allRBACPolicies {
		fmt.Printf("%+v", rbacpolicy)
	}
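An added example (not part of the gophercloud package or its documentation): auditing the policies returned by List and ExtractRBACPolicies for the wildcard grant described in the overview and for shares to projects an owner has not approved. The Policy type is a local stand-in for RBACPolicy so the code runs without the module; AuditGrants, the approved map and all sample IDs are hypothetical and constructed.

```go
package main

import "fmt"

// Policy is a local stand-in for the rbacpolicies.RBACPolicy fields used here.
type Policy struct {
	ID, Action, ObjectType, ObjectID, TenantID, TargetTenant string
}

// Finding is one grant that reaches beyond the approved targets.
type Finding struct {
	Policy Policy
	Reason string
}

const wildcardTarget = "*" // Neutron's target_tenant value for "all projects"

// AuditGrants flags wildcard grants and grants whose target project is not in
// approved (hypothetical map: owner project ID -> allowed target project IDs).
func AuditGrants(policies []Policy, approved map[string]map[string]bool) []Finding {
	var out []Finding
	for _, p := range policies {
		switch {
		case p.TargetTenant == wildcardTarget:
			out = append(out, Finding{Policy: p, Reason: "wildcard: every project gets " + p.Action})
		case !approved[p.TenantID][p.TargetTenant]: // lookup in a missing inner map yields false
			out = append(out, Finding{Policy: p, Reason: "target not approved by owner " + p.TenantID})
		}
	}
	return out
}

// samplePolicies returns constructed data shaped like ExtractRBACPolicies output.
func samplePolicies() []Policy {
	return []Policy{
		{"pol-1", "access_as_external", "network", "net-ext", "proj-admin", "*"},
		{"pol-2", "access_as_shared", "network", "net-app", "proj-a", "proj-b"},
		{"pol-3", "access_as_shared", "qos-policy", "qos-1", "proj-a", "proj-x"},
	}
}

func main() {
	approved := map[string]map[string]bool{"proj-a": {"proj-b": true}}
	for _, f := range AuditGrants(samplePolicies(), approved) {
		fmt.Printf("%s %s %s: %s\n", f.Policy.ID, f.Policy.ObjectType, f.Policy.ObjectID, f.Reason)
	}
}
```

With real data, copy the ID, Action, ObjectType, ObjectID, TenantID and TargetTenant fields of each RBACPolicy into Policy before calling AuditGrants.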

Example to Delete an RBAC Policy

	rbacPolicyID := "94fe107f-da78-4d92-a9d7-5611b06dad8d"
	err := rbacpolicies.Delete(rbacClient, rbacPolicyID).ExtractErr()
	if err != nil {
		panic(err)
	}

Example to Get RBAC Policy by ID

	rbacPolicyID := "94fe107f-da78-4d92-a9d7-5611b06dad8d"
	rbacpolicy, err := rbacpolicies.Get(rbacClient, rbacPolicyID).Extract()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v", rbacpolicy)

Example to Update an RBAC Policy

	// Only the target project of an existing policy can be changed.
	rbacPolicyID := "570b0306-afb5-4d3b-ab47-458fdc16baaa"
	updateOpts := rbacpolicies.UpdateOpts{
		TargetTenant: "9d766060b6354c9e8e2da44cab0e8f38",
	}
	rbacPolicy, err := rbacpolicies.Update(rbacClient, rbacPolicyID, updateOpts).Extract()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v", rbacPolicy)

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExtractRBACPolicesInto

func ExtractRBACPolicesInto(r pagination.Page, v interface{}) error

ExtractRBACPolicesInto extracts the elements into a slice of RBAC Policy structs.

func List

func List(c *gophercloud.ServiceClient, opts ListOptsBuilder) pagination.Pager

List returns a Pager which allows you to iterate over a collection of rbac policies. It accepts a ListOpts struct, which allows you to filter and sort the returned collection for greater efficiency.

Types

type CreateOpts

type CreateOpts struct {
	Action       PolicyAction `json:"action" required:"true"`
	ObjectType   string       `json:"object_type" required:"true"`
	TargetTenant string       `json:"target_tenant" required:"true"`
	ObjectID     string       `json:"object_id" required:"true"`
}

CreateOpts represents options used to create an rbac-policy.

func (CreateOpts) ToRBACPolicyCreateMap

func (opts CreateOpts) ToRBACPolicyCreateMap() (map[string]interface{}, error)

ToRBACPolicyCreateMap builds a request body from CreateOpts.

type CreateOptsBuilder

type CreateOptsBuilder interface {
	ToRBACPolicyCreateMap() (map[string]interface{}, error)
}

CreateOptsBuilder allows extensions to add additional parameters to the Create request.

type CreateResult

type CreateResult struct {
	// contains filtered or unexported fields
}

CreateResult represents the result of a create operation. Call its Extract method to interpret it as an RBAC Policy.

func Create

func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult)

Create accepts a CreateOpts struct and creates a new rbac-policy using the values provided.

The tenant ID that is contained in the URI is the tenant that creates the rbac-policy.

func (CreateResult) Extract

func (r CreateResult) Extract() (*RBACPolicy, error)

Extract is a function that accepts a result and extracts an RBAC Policy resource.

func (CreateResult) ExtractInto

func (r CreateResult) ExtractInto(v interface{}) error

type DeleteResult

type DeleteResult struct {
	gophercloud.ErrResult
}

DeleteResult represents the result of a delete operation. Call its ExtractErr method to determine if the request succeeded or failed.

func Delete

func Delete(c *gophercloud.ServiceClient, rbacPolicyID string) (r DeleteResult)

Delete accepts a unique ID and deletes the rbac-policy associated with it.

type GetResult

type GetResult struct {
	// contains filtered or unexported fields
}

GetResult represents the result of a get operation. Call its Extract method to interpret it as an RBAC Policy.

func Get

func Get(c *gophercloud.ServiceClient, id string) (r GetResult)

Get retrieves a specific rbac policy based on its unique ID.

func (GetResult) Extract

func (r GetResult) Extract() (*RBACPolicy, error)

Extract is a function that accepts a result and extracts an RBAC Policy resource.

func (GetResult) ExtractInto

func (r GetResult) ExtractInto(v interface{}) error

type ListOpts

type ListOpts struct {
	TargetTenant string       `q:"target_tenant"`
	ObjectType   string       `q:"object_type"`
	ObjectID     string       `q:"object_id"`
	Action       PolicyAction `q:"action"`
	TenantID     string       `q:"tenant_id"`
	ProjectID    string       `q:"project_id"`
	Marker       string       `q:"marker"`
	Limit        int          `q:"limit"`
	SortKey      string       `q:"sort_key"`
	SortDir      string       `q:"sort_dir"`
	Tags         string       `q:"tags"`
	TagsAny      string       `q:"tags-any"`
	NotTags      string       `q:"not-tags"`
	NotTagsAny   string       `q:"not-tags-any"`
}

ListOpts allows the filtering and sorting of paginated collections through the API. Filtering is achieved by passing in struct field values that map to the rbac attributes you want to see returned. SortKey allows you to sort by a particular rbac attribute. SortDir sets the direction, and is either "asc" or "desc". Marker and Limit are used for pagination.

func (ListOpts) ToRBACPolicyListQuery

func (opts ListOpts) ToRBACPolicyListQuery() (string, error)

ToRBACPolicyListQuery formats a ListOpts into a query string.

type ListOptsBuilder

type ListOptsBuilder interface {
	ToRBACPolicyListQuery() (string, error)
}

ListOptsBuilder allows extensions to add additional parameters to the List request.

type PolicyAction

type PolicyAction string

PolicyAction maps to the Action of the RBAC policy, which is either access_as_external or access_as_shared.

const (
	// ActionAccessExternal returns Action for the RBAC policy as access_as_external.
	ActionAccessExternal PolicyAction = "access_as_external"

	// ActionAccessShared returns Action for the RBAC policy as access_as_shared.
	ActionAccessShared PolicyAction = "access_as_shared"
)

type RBACPolicy

type RBACPolicy struct {
	// UUID of the RBAC policy.
	ID string `json:"id"`

	// Action for the RBAC policy which is access_as_external or access_as_shared.
	Action PolicyAction `json:"action"`

	// ObjectID is the ID of the object_type resource.
	// An object_type of network returns a network ID and
	// object_type of qos-policy returns a QoS ID.
	ObjectID string `json:"object_id"`

	// ObjectType is the type of the object that the RBAC policy affects.
	// Types include qos-policy or network.
	ObjectType string `json:"object_type"`

	// TenantID is the ID of the project that owns the resource.
	TenantID string `json:"tenant_id"`

	// TargetTenant is the ID of the tenant to which the RBAC policy will be enforced.
	TargetTenant string `json:"target_tenant"`

	// ProjectID is the ID of the project.
	ProjectID string `json:"project_id"`

	// Tags optionally set via extensions/attributestags
	Tags []string `json:"tags"`
}

RBACPolicy represents an RBAC policy.

func ExtractRBACPolicies

func ExtractRBACPolicies(r pagination.Page) ([]RBACPolicy, error)

ExtractRBACPolicies accepts a Page struct, specifically an RBAC Policy struct, and extracts the elements into a slice of RBAC Policy structs. In other words, a generic collection is mapped into a relevant slice.

type RBACPolicyPage

type RBACPolicyPage struct {
	pagination.LinkedPageBase
}

RBACPolicyPage is the page returned by a pager when traversing over a collection of rbac policies.

func (RBACPolicyPage) IsEmpty

func (r RBACPolicyPage) IsEmpty() (bool, error)

IsEmpty checks whether an RBACPolicyPage struct is empty.

type UpdateOpts

type UpdateOpts struct {
	TargetTenant string `json:"target_tenant" required:"true"`
}

UpdateOpts represents options used to update an rbac-policy.

func (UpdateOpts) ToRBACPolicyUpdateMap

func (opts UpdateOpts) ToRBACPolicyUpdateMap() (map[string]interface{}, error)

ToRBACPolicyUpdateMap builds a request body from UpdateOpts.

type UpdateOptsBuilder

type UpdateOptsBuilder interface {
	ToRBACPolicyUpdateMap() (map[string]interface{}, error)
}

UpdateOptsBuilder allows extensions to add additional parameters to the Update request.

type UpdateResult

type UpdateResult struct {
	// contains filtered or unexported fields
}

UpdateResult represents the result of an update operation. Call its Extract method to interpret it as an RBAC Policy.

func Update

func Update(c *gophercloud.ServiceClient, rbacPolicyID string, opts UpdateOptsBuilder) (r UpdateResult)

Update accepts an UpdateOpts struct and updates an existing rbac-policy using the values provided.

func (UpdateResult) Extract

func (r UpdateResult) Extract() (*RBACPolicy, error)

Extract is a function that accepts a result and extracts an RBAC Policy resource.

func (UpdateResult) ExtractInto

func (r UpdateResult) ExtractInto(v interface{}) error

Directories

Path Synopsis
Package testing includes rbac unit tests
