Documentation ¶
Index ¶
- Constants
- Variables
- func AuthWebCreds(req *http.Request) (cbauth.Creds, error)
- func GetPermissions(keyspace application.Keyspace, perm Permission) (perms []string)
- func HandlerBucketPermissions(srcKeyspace, metaKeyspace application.Keyspace) []string
- func HandlerGetPermissions(keyspace application.Keyspace) []string
- func HandlerManagePermissions(keyspace application.Keyspace) []string
- func HasPermissions(owner *application.Owner, permissions []string, all bool) ([]string, error)
- func InitRbacManager(url string)
- func IsAllowed(req *http.Request, permissions []string, all bool) ([]string, error)
- func IsAllowedCreds(cred cbauth.Creds, permissions []string, all bool) ([]string, error)
- func PutOnBehalfOf(cred cbauth.Creds, query map[string][]string) map[string][]string
- func ValidateAuthForOp(r *http.Request, rPerms []string, mPerms []string, all bool) ([]string, error)
- type Permission
Constants ¶
View Source
const ( // EventingPermissionManage for auditing EventingManagePermission = "cluster.eventing.functions!manage" EventingPermissionStats = "cluster.admin.internal.stats!read" ClusterPermissionRead = "cluster.admin.security!read" EventingAnyPermission = "cluster.collection[.:.:].eventing.function!manage" )
Known permissions
Variables ¶
View Source
var ( ErrAuthorisation = errors.New("one or more requested permissions missing") ErrUserDeleted = errors.New("user deleted") ErrAuthentication = errors.New("unauthenticated User") )
View Source
var ( EventingPermissionManage = []string{EventingManagePermission} EventingReadPermissions = []string{EventingManagePermission, ClusterPermissionRead} EventingStatsPermission = []string{EventingPermissionStats} EventingAnyManageReadPermissions = []string{EventingManagePermission, ClusterPermissionRead, EventingAnyPermission} )
Functions ¶
func GetPermissions ¶
func GetPermissions(keyspace application.Keyspace, perm Permission) (perms []string)
func HandlerBucketPermissions ¶
func HandlerBucketPermissions(srcKeyspace, metaKeyspace application.Keyspace) []string
func HandlerGetPermissions ¶
func HandlerGetPermissions(keyspace application.Keyspace) []string
Exported functions For eventing different permissions
func HandlerManagePermissions ¶
func HandlerManagePermissions(keyspace application.Keyspace) []string
func HasPermissions ¶
Return true if all the permissions are satisfied for this user or not Error maybe the cbauth http server problem TODO: If cbauth supports IsAllowed(user, permission) we don't have to recreate all the request and all If all is true then all permission to should be satisfied
func InitRbacManager ¶
func InitRbacManager(url string)
InitRbacManager initilaise the rbac module Should call this method before any other method is invoked
func IsAllowedCreds ¶
func PutOnBehalfOf ¶
Types ¶
type Permission ¶
type Permission uint8
const ( EventingManage Permission = iota BucketRead BucketWrite BucketDcp )
Click to show internal directories.
Click to hide internal directories.