rbac

package
v0.0.0-...-31abfad Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 16, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// EventingPermissionManage for auditing
	EventingManagePermission = "cluster.eventing.functions!manage"
	EventingPermissionStats  = "cluster.admin.internal.stats!read"
	ClusterPermissionRead    = "cluster.admin.security!read"
	EventingAnyPermission    = "cluster.collection[.:.:].eventing.function!manage"
)

Known permissions

Variables

View Source
var (
	ErrAuthorisation  = errors.New("one or more requested permissions missing")
	ErrUserDeleted    = errors.New("user deleted")
	ErrAuthentication = errors.New("unauthenticated User")
)
View Source
var (
	EventingPermissionManage         = []string{EventingManagePermission}
	EventingReadPermissions          = []string{EventingManagePermission, ClusterPermissionRead}
	EventingStatsPermission          = []string{EventingPermissionStats}
	EventingAnyManageReadPermissions = []string{EventingManagePermission, ClusterPermissionRead, EventingAnyPermission}
)

Functions

func AuthWebCreds

func AuthWebCreds(req *http.Request) (cbauth.Creds, error)

func GetPermissions

func GetPermissions(keyspace application.Keyspace, perm Permission) (perms []string)

func HandlerBucketPermissions

func HandlerBucketPermissions(srcKeyspace, metaKeyspace application.Keyspace) []string

func HandlerGetPermissions

func HandlerGetPermissions(keyspace application.Keyspace) []string

Exported functions For eventing different permissions

func HandlerManagePermissions

func HandlerManagePermissions(keyspace application.Keyspace) []string

func HasPermissions

func HasPermissions(owner *application.Owner, permissions []string, all bool) ([]string, error)

Return true if all the permissions are satisfied for this user or not Error maybe the cbauth http server problem TODO: If cbauth supports IsAllowed(user, permission) we don't have to recreate all the request and all If all is true then all permission to should be satisfied

func InitRbacManager

func InitRbacManager(url string)

InitRbacManager initilaise the rbac module Should call this method before any other method is invoked

func IsAllowed

func IsAllowed(req *http.Request, permissions []string, all bool) ([]string, error)

func IsAllowedCreds

func IsAllowedCreds(cred cbauth.Creds, permissions []string, all bool) ([]string, error)

func PutOnBehalfOf

func PutOnBehalfOf(cred cbauth.Creds, query map[string][]string) map[string][]string

func ValidateAuthForOp

func ValidateAuthForOp(r *http.Request, rPerms []string, mPerms []string, all bool) ([]string, error)

Types

type Permission

type Permission uint8
const (
	EventingManage Permission = iota
	BucketRead
	BucketWrite
	BucketDcp
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL