protos

package
v0.0.0-...-89602ce Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 18, 2020 License: BSD-3-Clause Imports: 10 Imported by: 0

Documentation

Overview

access_helper provides ToString() receiver for AccessControl_Permission mask

Index

Constants

This section is empty.

Variables

// AccessControl_Permission_name maps each AccessControl_Permission number to
// its symbolic name. Only the individual enum values are listed; a combined
// mask such as READ|WRITE (3) has no entry, so a lookup for it yields "".
var AccessControl_Permission_name = map[int32]string{
	0: "NONE",
	1: "READ",
	2: "WRITE",
}

// AccessControl_Permission_value is the reverse table: symbolic name to
// AccessControl_Permission number. Names not listed here map to 0, which is
// also the number of NONE, so callers that need to tell "unknown name" from
// "NONE" must use the two-value map lookup.
var AccessControl_Permission_value = map[string]int32{
	"NONE":  0,
	"READ":  1,
	"WRITE": 2,
}

Enum value maps for AccessControl_Permission.

var File_access_proto protoreflect.FileDescriptor

Functions

func AddToACL

func AddToACL(acl *AccessControl_List, entities []*AccessControl_Entity) error

AddToACL adds a slice of Entities to the ACL of Operator 'oper'. If an entity with the same Id is already in the ACL, it will be updated.

func CheckEntitiesPermissions

func CheckEntitiesPermissions(
	acl *AccessControl_List,
	entList []*AccessControl_Entity,
) error

CheckEntitiesPermissions verifies permissions for the given entList against the given ACL. It returns nil if all entities from entList have at least the requested permissions in the ACL, and an error otherwise.

func GetHashToACL

func GetHashToACL(acls []*AccessControl_List) map[string]*AccessControl_List

GetHashToACL converts the passed slice to a map, whose keys are the hash strings of each ACL's operator.

func RegisterAccessControlManagerServer

func RegisterAccessControlManagerServer(s *grpc.Server, srv AccessControlManagerServer)

func VerifyACLRequest

func VerifyACLRequest(req *AccessControl_ListRequest) error

func VerifyPermissionsRequest

func VerifyPermissionsRequest(req *AccessControl_PermissionsRequest) error

VerifyPermissionsRequest is a helper function which checks validity of AccessControl_PermissionsRequest.

Types

type AccessControl

type AccessControl struct {
	// contains filtered or unexported fields
}

Access Control Data Structures & Definitions

func (*AccessControl) Descriptor deprecated

func (*AccessControl) Descriptor() ([]byte, []int)

Deprecated: Use AccessControl.ProtoReflect.Descriptor instead.

func (*AccessControl) ProtoMessage

func (*AccessControl) ProtoMessage()

func (*AccessControl) ProtoReflect

func (x *AccessControl) ProtoReflect() protoreflect.Message

func (*AccessControl) Reset

func (x *AccessControl) Reset()

func (*AccessControl) String

func (x *AccessControl) String() string

type AccessControlManagerClient

// AccessControlManagerClient is the client API for the AccessControlManager
// service. Every method takes a context and optional grpc.CallOption values
// and returns the RPC's response message together with an error.
type AccessControlManagerClient interface {
	// Overwrites Permissions for operator Identity to manage others
	// Request includes ACL to set for the Operator
	// If the Operator doesn't exist - creates a new operator with the given ACL
	SetOperator(ctx context.Context, in *AccessControl_ListRequest, opts ...grpc.CallOption) (*protos.Void, error)
	// Adds Permissions for one Identity to manage others
	// Request includes ACL to add (append to the existing ACL) for the Operator
	UpdateOperator(ctx context.Context, in *AccessControl_ListRequest, opts ...grpc.CallOption) (*protos.Void, error)
	// Removes all operator's permissions (the entire operator's ACL)
	DeleteOperator(ctx context.Context, in *protos.Identity, opts ...grpc.CallOption) (*protos.Void, error)
	// Returns the managing Identity's permissions list
	GetOperatorACL(ctx context.Context, in *protos.Identity, opts ...grpc.CallOption) (*AccessControl_List, error)
	// Returns the managing Identity's permissions list
	// NOTE(review): this comment duplicates GetOperatorACL; given the
	// Identity_List input and AccessControl_Lists result, this presumably
	// returns one ACL per listed operator - confirm.
	GetOperatorsACLs(ctx context.Context, in *protos.Identity_List, opts ...grpc.CallOption) (*AccessControl_Lists, error)
	// Returns the managing Identity's permissions for a given entity
	// NOTE: Takes into account wildcards for the entity's type in the ACL
	GetPermissions(ctx context.Context, in *AccessControl_PermissionsRequest, opts ...grpc.CallOption) (*AccessControl_Entity, error)
	// CheckPermissions verifies Operator permissions for a list of given
	// Identities. AccessControl.ListRequest.entities is a list of
	// Identities and their corresponding permissions requested by the operator
	// CheckPermissions will return success only if all requested permissions
	// are satisfied (AND logic)
	// Intended to be used for multi-Identity requests such as Network Identity
	// AND REST API Identity, etc.
	// NOTE(review): the result for an empty entities list is not visible
	// here - confirm it is rejected rather than treated as satisfied.
	CheckPermissions(ctx context.Context, in *AccessControl_ListRequest, opts ...grpc.CallOption) (*protos.Void, error)
	// Lists all globally registered operators on the cloud
	ListOperators(ctx context.Context, in *protos.Void, opts ...grpc.CallOption) (*protos.Identity_List, error)
	// Cleanup a given entity from all Operators' ACLs
	DeleteEntity(ctx context.Context, in *protos.Identity, opts ...grpc.CallOption) (*protos.Void, error)
}

AccessControlManagerClient is the client API for AccessControlManager service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

type AccessControlManagerServer

// AccessControlManagerServer is the server API for the AccessControlManager
// service.
//
// NOTE(review): no method carries an explicit caller identity besides the
// context, so authorization of the caller presumably happens in the
// implementation or in a gRPC interceptor - confirm before exposing the
// ACL-mutating RPCs (SetOperator, UpdateOperator, DeleteOperator,
// DeleteEntity).
type AccessControlManagerServer interface {
	// Overwrites Permissions for operator Identity to manage others
	// Request includes ACL to set for the Operator
	// If the Operator doesn't exist - creates a new operator with the given ACL
	SetOperator(context.Context, *AccessControl_ListRequest) (*protos.Void, error)
	// Adds Permissions for one Identity to manage others
	// Request includes ACL to add (append to the existing ACL) for the Operator
	UpdateOperator(context.Context, *AccessControl_ListRequest) (*protos.Void, error)
	// Removes all operator's permissions (the entire operator's ACL)
	DeleteOperator(context.Context, *protos.Identity) (*protos.Void, error)
	// Returns the managing Identity's permissions list
	GetOperatorACL(context.Context, *protos.Identity) (*AccessControl_List, error)
	// Returns the managing Identity's permissions list
	// NOTE(review): this comment duplicates GetOperatorACL; given the
	// Identity_List input and AccessControl_Lists result, this presumably
	// returns one ACL per listed operator - confirm.
	GetOperatorsACLs(context.Context, *protos.Identity_List) (*AccessControl_Lists, error)
	// Returns the managing Identity's permissions for a given entity
	// NOTE: Takes into account wildcards for the entity's type in the ACL
	GetPermissions(context.Context, *AccessControl_PermissionsRequest) (*AccessControl_Entity, error)
	// CheckPermissions verifies Operator permissions for a list of given
	// Identities. AccessControl.ListRequest.entities is a list of
	// Identities and their corresponding permissions requested by the operator
	// CheckPermissions will return success only if all requested permissions
	// are satisfied (AND logic)
	// Intended to be used for multi-Identity requests such as Network Identity
	// AND REST API Identity, etc.
	// NOTE(review): the result for an empty entities list is not visible
	// here - confirm it is rejected rather than treated as satisfied.
	CheckPermissions(context.Context, *AccessControl_ListRequest) (*protos.Void, error)
	// Lists all globally registered operators on the cloud
	ListOperators(context.Context, *protos.Void) (*protos.Identity_List, error)
	// Cleanup a given entity from all Operators' ACLs
	DeleteEntity(context.Context, *protos.Identity) (*protos.Void, error)
}

AccessControlManagerServer is the server API for AccessControlManager service.

type AccessControl_Entity

// AccessControl_Entity is a "managed/monitored" entity record: an Identity
// paired with a permissions bitmask.
type AccessControl_Entity struct {
	// Identity the Permissions mask below applies to.
	Id          *protos.Identity         `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Permissions AccessControl_Permission `` // permissions bitmask, READ|WRITE == full access
	/* 126-byte string literal not displayed */
	// contains filtered or unexported fields
}

"Managed/monitored" entity record

func (*AccessControl_Entity) Descriptor deprecated

func (*AccessControl_Entity) Descriptor() ([]byte, []int)

Deprecated: Use AccessControl_Entity.ProtoReflect.Descriptor instead.

func (*AccessControl_Entity) GetId

func (x *AccessControl_Entity) GetId() *protos.Identity

func (*AccessControl_Entity) GetPermissions

func (x *AccessControl_Entity) GetPermissions() AccessControl_Permission

func (*AccessControl_Entity) ProtoMessage

func (*AccessControl_Entity) ProtoMessage()

func (*AccessControl_Entity) ProtoReflect

func (x *AccessControl_Entity) ProtoReflect() protoreflect.Message

func (*AccessControl_Entity) Reset

func (x *AccessControl_Entity) Reset()

func (*AccessControl_Entity) String

func (x *AccessControl_Entity) String() string

type AccessControl_List

// AccessControl_List is an operator's Access Control List, held as a map.
type AccessControl_List struct {
	// Identity of the operator this ACL belongs to.
	Operator *protos.Identity `protobuf:"bytes,1,opt,name=operator,proto3" json:"operator,omitempty"`
	// Map entity's hash string -> entity
	// NOTE(review): how the hash string is derived is not shown here; lookups
	// must use the same derivation that was used when the map was filled.
	Entities map[string]*AccessControl_Entity `` /* 157-byte string literal not displayed */
	// contains filtered or unexported fields
}

Operator's Access Control List (map)

func (*AccessControl_List) Descriptor deprecated

func (*AccessControl_List) Descriptor() ([]byte, []int)

Deprecated: Use AccessControl_List.ProtoReflect.Descriptor instead.

func (*AccessControl_List) GetEntities

func (x *AccessControl_List) GetEntities() map[string]*AccessControl_Entity

func (*AccessControl_List) GetOperator

func (x *AccessControl_List) GetOperator() *protos.Identity

func (*AccessControl_List) ProtoMessage

func (*AccessControl_List) ProtoMessage()

func (*AccessControl_List) ProtoReflect

func (x *AccessControl_List) ProtoReflect() protoreflect.Message

func (*AccessControl_List) Reset

func (x *AccessControl_List) Reset()

func (*AccessControl_List) String

func (x *AccessControl_List) String() string

type AccessControl_ListRequest

// AccessControl_ListRequest is the RPC message used both to manage an
// operator's ACL and to check permissions. Its Entities field is read
// differently in each case: as the managed entities and the permissions to
// store when managing, and as the Identities and permissions being requested
// when checking.
type AccessControl_ListRequest struct {
	Operator *protos.Identity        `protobuf:"bytes,1,opt,name=operator,proto3" json:"operator,omitempty"` // Identity of operator => entities' manager
	Entities []*AccessControl_Entity `protobuf:"bytes,2,rep,name=entities,proto3" json:"entities,omitempty"` // Operated/managed entities & permissions
	// contains filtered or unexported fields
}

RPC Request/Response used to 1) manage AND 2) check permissions. 1. When adding or modifying permissions, entities represents the managed entities and the Operator's permissions on them. 2. When verifying permissions, entities represents a list of Identities and their corresponding permissions requested by the operator.

func (*AccessControl_ListRequest) Descriptor deprecated

func (*AccessControl_ListRequest) Descriptor() ([]byte, []int)

Deprecated: Use AccessControl_ListRequest.ProtoReflect.Descriptor instead.

func (*AccessControl_ListRequest) GetEntities

func (x *AccessControl_ListRequest) GetEntities() []*AccessControl_Entity

func (*AccessControl_ListRequest) GetOperator

func (x *AccessControl_ListRequest) GetOperator() *protos.Identity

func (*AccessControl_ListRequest) ProtoMessage

func (*AccessControl_ListRequest) ProtoMessage()

func (*AccessControl_ListRequest) ProtoReflect

func (*AccessControl_ListRequest) Reset

func (x *AccessControl_ListRequest) Reset()

func (*AccessControl_ListRequest) String

func (x *AccessControl_ListRequest) String() string

type AccessControl_Lists

// AccessControl_Lists wraps a slice of AccessControl_List values; it is the
// result type of the GetOperatorsACLs RPC.
type AccessControl_Lists struct {
	// One entry per ACL; each AccessControl_List names its own Operator.
	Acls []*AccessControl_List `protobuf:"bytes,1,rep,name=acls,proto3" json:"acls,omitempty"`
	// contains filtered or unexported fields
}

func (*AccessControl_Lists) Descriptor deprecated

func (*AccessControl_Lists) Descriptor() ([]byte, []int)

Deprecated: Use AccessControl_Lists.ProtoReflect.Descriptor instead.

func (*AccessControl_Lists) GetAcls

func (x *AccessControl_Lists) GetAcls() []*AccessControl_List

func (*AccessControl_Lists) ProtoMessage

func (*AccessControl_Lists) ProtoMessage()

func (*AccessControl_Lists) ProtoReflect

func (x *AccessControl_Lists) ProtoReflect() protoreflect.Message

func (*AccessControl_Lists) Reset

func (x *AccessControl_Lists) Reset()

func (*AccessControl_Lists) String

func (x *AccessControl_Lists) String() string

type AccessControl_Permission

type AccessControl_Permission int32

All permission definitions are used as bitmasks & should be 2**N

// Permission values. They are combined as a bitmask, so every non-zero value
// occupies its own bit (READ = 1<<0, WRITE = 1<<1).
const (
	// AccessControl_NONE is the empty mask. It equals the int32 zero value,
	// so a Permissions field that was never set reads as "no access".
	AccessControl_NONE  AccessControl_Permission = 0
	AccessControl_READ  AccessControl_Permission = 1
	AccessControl_WRITE AccessControl_Permission = 2
)
// ACCESS_CONTROL_ALL_PERMISSIONS is the mask of all existing permissions.
// The package documentation states it is built by the package's init rather
// than declared const. As an exported variable it can be reassigned by any
// importing package, so treat it as read-only.
var ACCESS_CONTROL_ALL_PERMISSIONS AccessControl_Permission

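ACCESS_CONTROL_ALL_PERMISSIONS is a bitmask for all existing permissions. Unfortunately, it cannot be a const, since it has to be 'built' by the package's init to simplify future maintenance. Because it is an exported variable, any importing package can reassign it, so it should be treated as read-only.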

func GetEntityPermissions

func GetEntityPermissions(
	acl *AccessControl_List,
	entity *protos.Identity,
) AccessControl_Permission

GetEntityPermissions returns the aggregated ACL's permissions for a given entity. Aggregated permissions are calculated by ORing permissions for a wildcard of the entity type (if present in the ACL) with permissions for the entity's exact Identity match (if present):

perm = permissions[Id Type Wildcard] | permissions[Id Of Entity]

GetEntityPermissions returns AccessControl_NONE if the entity's identity is not in the list and the list has no wildcard corresponding to the entity's type.

func (AccessControl_Permission) Descriptor

func (AccessControl_Permission) Enum

func (AccessControl_Permission) EnumDescriptor deprecated

func (AccessControl_Permission) EnumDescriptor() ([]byte, []int)

Deprecated: Use AccessControl_Permission.Descriptor instead.

func (AccessControl_Permission) Number

func (AccessControl_Permission) String

func (x AccessControl_Permission) String() string

func (AccessControl_Permission) ToString

func (p AccessControl_Permission) ToString() string

ToString returns a string representation of AccessControl_Permission as a mask. The protoc-generated String() receiver treats it as an enum and does not represent the 'mask' use case.

func (AccessControl_Permission) Type

type AccessControl_PermissionsRequest

// AccessControl_PermissionsRequest is the RPC request used to verify an
// operator's permissions on a single given entity.
type AccessControl_PermissionsRequest struct {
	Operator *protos.Identity `protobuf:"bytes,1,opt,name=operator,proto3" json:"operator,omitempty"` // Identity of operator => entities' manager
	Entity   *protos.Identity `protobuf:"bytes,2,opt,name=entity,proto3" json:"entity,omitempty"`     // Operated/managed entity
	// contains filtered or unexported fields
}

RPC Request used to verify permissions for operator on a given entity

func (*AccessControl_PermissionsRequest) Descriptor deprecated

func (*AccessControl_PermissionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use AccessControl_PermissionsRequest.ProtoReflect.Descriptor instead.

func (*AccessControl_PermissionsRequest) GetEntity

func (*AccessControl_PermissionsRequest) GetOperator

func (*AccessControl_PermissionsRequest) ProtoMessage

func (*AccessControl_PermissionsRequest) ProtoMessage()

func (*AccessControl_PermissionsRequest) ProtoReflect

func (*AccessControl_PermissionsRequest) Reset

func (*AccessControl_PermissionsRequest) String

type UnimplementedAccessControlManagerServer

type UnimplementedAccessControlManagerServer struct {
}

UnimplementedAccessControlManagerServer can be embedded to have forward compatible implementations.

func (*UnimplementedAccessControlManagerServer) CheckPermissions

func (*UnimplementedAccessControlManagerServer) DeleteEntity

func (*UnimplementedAccessControlManagerServer) DeleteOperator

func (*UnimplementedAccessControlManagerServer) GetOperatorACL

func (*UnimplementedAccessControlManagerServer) GetOperatorsACLs

func (*UnimplementedAccessControlManagerServer) GetPermissions

func (*UnimplementedAccessControlManagerServer) ListOperators

func (*UnimplementedAccessControlManagerServer) SetOperator

func (*UnimplementedAccessControlManagerServer) UpdateOperator
