Documentation ¶
Overview ¶
access_helper provides ToString() receiver for AccessControl_Permission mask
Index ¶
- Variables
- func AddToACL(acl *AccessControl_List, entities []*AccessControl_Entity) error
- func CheckEntitiesPermissions(acl *AccessControl_List, entList []*AccessControl_Entity) error
- func GetHashToACL(acls []*AccessControl_List) map[string]*AccessControl_List
- func RegisterAccessControlManagerServer(s *grpc.Server, srv AccessControlManagerServer)
- func VerifyACLRequest(req *AccessControl_ListRequest) error
- func VerifyPermissionsRequest(req *AccessControl_PermissionsRequest) error
- type AccessControl
- type AccessControlManagerClient
- type AccessControlManagerServer
- type AccessControl_Entity
- func (*AccessControl_Entity) Descriptor() ([]byte, []int)deprecated
- func (x *AccessControl_Entity) GetId() *protos.Identity
- func (x *AccessControl_Entity) GetPermissions() AccessControl_Permission
- func (*AccessControl_Entity) ProtoMessage()
- func (x *AccessControl_Entity) ProtoReflect() protoreflect.Message
- func (x *AccessControl_Entity) Reset()
- func (x *AccessControl_Entity) String() string
- type AccessControl_List
- func (*AccessControl_List) Descriptor() ([]byte, []int)deprecated
- func (x *AccessControl_List) GetEntities() map[string]*AccessControl_Entity
- func (x *AccessControl_List) GetOperator() *protos.Identity
- func (*AccessControl_List) ProtoMessage()
- func (x *AccessControl_List) ProtoReflect() protoreflect.Message
- func (x *AccessControl_List) Reset()
- func (x *AccessControl_List) String() string
- type AccessControl_ListRequest
- func (*AccessControl_ListRequest) Descriptor() ([]byte, []int)deprecated
- func (x *AccessControl_ListRequest) GetEntities() []*AccessControl_Entity
- func (x *AccessControl_ListRequest) GetOperator() *protos.Identity
- func (*AccessControl_ListRequest) ProtoMessage()
- func (x *AccessControl_ListRequest) ProtoReflect() protoreflect.Message
- func (x *AccessControl_ListRequest) Reset()
- func (x *AccessControl_ListRequest) String() string
- type AccessControl_Lists
- func (*AccessControl_Lists) Descriptor() ([]byte, []int)deprecated
- func (x *AccessControl_Lists) GetAcls() []*AccessControl_List
- func (*AccessControl_Lists) ProtoMessage()
- func (x *AccessControl_Lists) ProtoReflect() protoreflect.Message
- func (x *AccessControl_Lists) Reset()
- func (x *AccessControl_Lists) String() string
- type AccessControl_Permission
- func (AccessControl_Permission) Descriptor() protoreflect.EnumDescriptor
- func (x AccessControl_Permission) Enum() *AccessControl_Permission
- func (AccessControl_Permission) EnumDescriptor() ([]byte, []int)deprecated
- func (x AccessControl_Permission) Number() protoreflect.EnumNumber
- func (x AccessControl_Permission) String() string
- func (p AccessControl_Permission) ToString() string
- func (AccessControl_Permission) Type() protoreflect.EnumType
- type AccessControl_PermissionsRequest
- func (*AccessControl_PermissionsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *AccessControl_PermissionsRequest) GetEntity() *protos.Identity
- func (x *AccessControl_PermissionsRequest) GetOperator() *protos.Identity
- func (*AccessControl_PermissionsRequest) ProtoMessage()
- func (x *AccessControl_PermissionsRequest) ProtoReflect() protoreflect.Message
- func (x *AccessControl_PermissionsRequest) Reset()
- func (x *AccessControl_PermissionsRequest) String() string
- type UnimplementedAccessControlManagerServer
- func (*UnimplementedAccessControlManagerServer) CheckPermissions(context.Context, *AccessControl_ListRequest) (*protos.Void, error)
- func (*UnimplementedAccessControlManagerServer) DeleteEntity(context.Context, *protos.Identity) (*protos.Void, error)
- func (*UnimplementedAccessControlManagerServer) DeleteOperator(context.Context, *protos.Identity) (*protos.Void, error)
- func (*UnimplementedAccessControlManagerServer) GetOperatorACL(context.Context, *protos.Identity) (*AccessControl_List, error)
- func (*UnimplementedAccessControlManagerServer) GetOperatorsACLs(context.Context, *protos.Identity_List) (*AccessControl_Lists, error)
- func (*UnimplementedAccessControlManagerServer) GetPermissions(context.Context, *AccessControl_PermissionsRequest) (*AccessControl_Entity, error)
- func (*UnimplementedAccessControlManagerServer) ListOperators(context.Context, *protos.Void) (*protos.Identity_List, error)
- func (*UnimplementedAccessControlManagerServer) SetOperator(context.Context, *AccessControl_ListRequest) (*protos.Void, error)
- func (*UnimplementedAccessControlManagerServer) UpdateOperator(context.Context, *AccessControl_ListRequest) (*protos.Void, error)
Constants ¶
This section is empty.
Variables ¶
var ( AccessControl_Permission_name = map[int32]string{ 0: "NONE", 1: "READ", 2: "WRITE", } AccessControl_Permission_value = map[string]int32{ "NONE": 0, "READ": 1, "WRITE": 2, } )
Enum value maps for AccessControl_Permission.
var File_access_proto protoreflect.FileDescriptor
Functions ¶
func AddToACL ¶
func AddToACL(acl *AccessControl_List, entities []*AccessControl_Entity) error
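AddToACL adds the given slice of entities to the operator's ACL passed as acl. If an entity with the same Id is already in the ACL, it'll be updated. (This documentation does not state whether the update replaces the entity's existing permissions or merges them with the new mask.)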
func CheckEntitiesPermissions ¶
func CheckEntitiesPermissions( acl *AccessControl_List, entList []*AccessControl_Entity, ) error
CheckEntitiesPermissions verifies permissions for the given entList against the given ACL. It returns nil if every entity in entList has at least the requested permissions in the ACL, and an error otherwise.
func GetHashToACL ¶
func GetHashToACL(acls []*AccessControl_List) map[string]*AccessControl_List
GetHashToACL converts the passed slice to a map, whose keys are the hash strings of each ACL's operator.
func RegisterAccessControlManagerServer ¶
func RegisterAccessControlManagerServer(s *grpc.Server, srv AccessControlManagerServer)
func VerifyACLRequest ¶
func VerifyACLRequest(req *AccessControl_ListRequest) error
func VerifyPermissionsRequest ¶
func VerifyPermissionsRequest(req *AccessControl_PermissionsRequest) error
VerifyPermissionsRequest is a helper function which checks validity of AccessControl_PermissionsRequest.
Types ¶
type AccessControl ¶
type AccessControl struct {
// contains filtered or unexported fields
}
Access Control Data Structures & Definitions
func (*AccessControl) Descriptor
deprecated
func (*AccessControl) Descriptor() ([]byte, []int)
Deprecated: Use AccessControl.ProtoReflect.Descriptor instead.
func (*AccessControl) ProtoMessage ¶
func (*AccessControl) ProtoMessage()
func (*AccessControl) ProtoReflect ¶
func (x *AccessControl) ProtoReflect() protoreflect.Message
func (*AccessControl) Reset ¶
func (x *AccessControl) Reset()
func (*AccessControl) String ¶
func (x *AccessControl) String() string
type AccessControlManagerClient ¶
type AccessControlManagerClient interface { // Overwrites Permissions for operator Identity to manage others // Request includes ACL to set for the Operator // If the Operator doesn't exist - creates a new operator with the given ACL SetOperator(ctx context.Context, in *AccessControl_ListRequest, opts ...grpc.CallOption) (*protos.Void, error) // Adds Permissions for one Identity to manage others // Request includes ACL to add (append to the existing ACL) for the Operator UpdateOperator(ctx context.Context, in *AccessControl_ListRequest, opts ...grpc.CallOption) (*protos.Void, error) // Removes all operator's permissions (the entire operator's ACL) DeleteOperator(ctx context.Context, in *protos.Identity, opts ...grpc.CallOption) (*protos.Void, error) // Returns the managing Identity's permissions list GetOperatorACL(ctx context.Context, in *protos.Identity, opts ...grpc.CallOption) (*AccessControl_List, error) // Returns the managing Identity's permissions list GetOperatorsACLs(ctx context.Context, in *protos.Identity_List, opts ...grpc.CallOption) (*AccessControl_Lists, error) // Returns the managing Identity's permissions for a given entity // NOTE: Takes into account wildcards for the entity's type in the ACL GetPermissions(ctx context.Context, in *AccessControl_PermissionsRequest, opts ...grpc.CallOption) (*AccessControl_Entity, error) // CheckPermissions verifies Operator permissions for a list of given // Identities. AccessControl.ListRequest.entities is a list of // Identities and their corresponding permissions requested by the operator // CheckPermissions will return success only if all requested permissions // are satisfied (AND logic) // Intended to be used for multi-Identity requests such as Network Identity // AND REST API Identity, etc. 
CheckPermissions(ctx context.Context, in *AccessControl_ListRequest, opts ...grpc.CallOption) (*protos.Void, error) // Lists all globally registered operators on the cloud ListOperators(ctx context.Context, in *protos.Void, opts ...grpc.CallOption) (*protos.Identity_List, error) // Cleanup a given entity from all Operators' ACLs DeleteEntity(ctx context.Context, in *protos.Identity, opts ...grpc.CallOption) (*protos.Void, error) }
AccessControlManagerClient is the client API for AccessControlManager service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewAccessControlManagerClient ¶
func NewAccessControlManagerClient(cc grpc.ClientConnInterface) AccessControlManagerClient
type AccessControlManagerServer ¶
type AccessControlManagerServer interface { // Overwrites Permissions for operator Identity to manage others // Request includes ACL to set for the Operator // If the Operator doesn't exist - creates a new operator with the given ACL SetOperator(context.Context, *AccessControl_ListRequest) (*protos.Void, error) // Adds Permissions for one Identity to manage others // Request includes ACL to add (append to the existing ACL) for the Operator UpdateOperator(context.Context, *AccessControl_ListRequest) (*protos.Void, error) // Removes all operator's permissions (the entire operator's ACL) DeleteOperator(context.Context, *protos.Identity) (*protos.Void, error) // Returns the managing Identity's permissions list GetOperatorACL(context.Context, *protos.Identity) (*AccessControl_List, error) // Returns the managing Identity's permissions list GetOperatorsACLs(context.Context, *protos.Identity_List) (*AccessControl_Lists, error) // Returns the managing Identity's permissions for a given entity // NOTE: Takes into account wildcards for the entity's type in the ACL GetPermissions(context.Context, *AccessControl_PermissionsRequest) (*AccessControl_Entity, error) // CheckPermissions verifies Operator permissions for a list of given // Identities. AccessControl.ListRequest.entities is a list of // Identities and their corresponding permissions requested by the operator // CheckPermissions will return success only if all requested permissions // are satisfied (AND logic) // Intended to be used for multi-Identity requests such as Network Identity // AND REST API Identity, etc. CheckPermissions(context.Context, *AccessControl_ListRequest) (*protos.Void, error) // Lists all globally registered operators on the cloud ListOperators(context.Context, *protos.Void) (*protos.Identity_List, error) // Cleanup a given entity from all Operators' ACLs DeleteEntity(context.Context, *protos.Identity) (*protos.Void, error) }
AccessControlManagerServer is the server API for AccessControlManager service.
type AccessControl_Entity ¶
type AccessControl_Entity struct { Id *protos.Identity `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` Permissions AccessControl_Permission `` // permissions bitmask, READ|WRITE == full access /* 126-byte string literal not displayed */ // contains filtered or unexported fields }
"Managed/monitored" entity record
func (*AccessControl_Entity) Descriptor
deprecated
func (*AccessControl_Entity) Descriptor() ([]byte, []int)
Deprecated: Use AccessControl_Entity.ProtoReflect.Descriptor instead.
func (*AccessControl_Entity) GetId ¶
func (x *AccessControl_Entity) GetId() *protos.Identity
func (*AccessControl_Entity) GetPermissions ¶
func (x *AccessControl_Entity) GetPermissions() AccessControl_Permission
func (*AccessControl_Entity) ProtoMessage ¶
func (*AccessControl_Entity) ProtoMessage()
func (*AccessControl_Entity) ProtoReflect ¶
func (x *AccessControl_Entity) ProtoReflect() protoreflect.Message
func (*AccessControl_Entity) Reset ¶
func (x *AccessControl_Entity) Reset()
func (*AccessControl_Entity) String ¶
func (x *AccessControl_Entity) String() string
type AccessControl_List ¶
type AccessControl_List struct { Operator *protos.Identity `protobuf:"bytes,1,opt,name=operator,proto3" json:"operator,omitempty"` // Map entity's hash string -> entity Entities map[string]*AccessControl_Entity `` /* 157-byte string literal not displayed */ // contains filtered or unexported fields }
Operator's Access Control List (map)
func (*AccessControl_List) Descriptor
deprecated
func (*AccessControl_List) Descriptor() ([]byte, []int)
Deprecated: Use AccessControl_List.ProtoReflect.Descriptor instead.
func (*AccessControl_List) GetEntities ¶
func (x *AccessControl_List) GetEntities() map[string]*AccessControl_Entity
func (*AccessControl_List) GetOperator ¶
func (x *AccessControl_List) GetOperator() *protos.Identity
func (*AccessControl_List) ProtoMessage ¶
func (*AccessControl_List) ProtoMessage()
func (*AccessControl_List) ProtoReflect ¶
func (x *AccessControl_List) ProtoReflect() protoreflect.Message
func (*AccessControl_List) Reset ¶
func (x *AccessControl_List) Reset()
func (*AccessControl_List) String ¶
func (x *AccessControl_List) String() string
type AccessControl_ListRequest ¶
type AccessControl_ListRequest struct { Operator *protos.Identity `protobuf:"bytes,1,opt,name=operator,proto3" json:"operator,omitempty"` // Identity of operator => entities' manager Entities []*AccessControl_Entity `protobuf:"bytes,2,rep,name=entities,proto3" json:"entities,omitempty"` // Operated/managed entities & permissions // contains filtered or unexported fields }
RPC Request/Response used to 1) manage AND 2) check permissions. 1. When adding or modifying permissions, entities represents the managed entities and the Operator's permissions on them. 2. When verifying permissions, entities represents a list of Identities and their corresponding permissions requested by the operator.
func (*AccessControl_ListRequest) Descriptor
deprecated
func (*AccessControl_ListRequest) Descriptor() ([]byte, []int)
Deprecated: Use AccessControl_ListRequest.ProtoReflect.Descriptor instead.
func (*AccessControl_ListRequest) GetEntities ¶
func (x *AccessControl_ListRequest) GetEntities() []*AccessControl_Entity
func (*AccessControl_ListRequest) GetOperator ¶
func (x *AccessControl_ListRequest) GetOperator() *protos.Identity
func (*AccessControl_ListRequest) ProtoMessage ¶
func (*AccessControl_ListRequest) ProtoMessage()
func (*AccessControl_ListRequest) ProtoReflect ¶
func (x *AccessControl_ListRequest) ProtoReflect() protoreflect.Message
func (*AccessControl_ListRequest) Reset ¶
func (x *AccessControl_ListRequest) Reset()
func (*AccessControl_ListRequest) String ¶
func (x *AccessControl_ListRequest) String() string
type AccessControl_Lists ¶
type AccessControl_Lists struct { Acls []*AccessControl_List `protobuf:"bytes,1,rep,name=acls,proto3" json:"acls,omitempty"` // contains filtered or unexported fields }
func (*AccessControl_Lists) Descriptor
deprecated
func (*AccessControl_Lists) Descriptor() ([]byte, []int)
Deprecated: Use AccessControl_Lists.ProtoReflect.Descriptor instead.
func (*AccessControl_Lists) GetAcls ¶
func (x *AccessControl_Lists) GetAcls() []*AccessControl_List
func (*AccessControl_Lists) ProtoMessage ¶
func (*AccessControl_Lists) ProtoMessage()
func (*AccessControl_Lists) ProtoReflect ¶
func (x *AccessControl_Lists) ProtoReflect() protoreflect.Message
func (*AccessControl_Lists) Reset ¶
func (x *AccessControl_Lists) Reset()
func (*AccessControl_Lists) String ¶
func (x *AccessControl_Lists) String() string
type AccessControl_Permission ¶
type AccessControl_Permission int32
All permission definitions are used as bitmasks & should be 2**N
const ( AccessControl_NONE AccessControl_Permission = 0 AccessControl_READ AccessControl_Permission = 1 AccessControl_WRITE AccessControl_Permission = 2 )
var ACCESS_CONTROL_ALL_PERMISSIONS AccessControl_Permission
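ACCESS_CONTROL_ALL_PERMISSIONS is a bitmask of all existing permissions. Unfortunately, it cannot be a const, since it has to be 'built' by the package's init to simplify future maintenance. Because it is an exported variable rather than a constant, callers should treat it as read-only.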
func GetEntityPermissions ¶
func GetEntityPermissions( acl *AccessControl_List, entity *protos.Identity, ) AccessControl_Permission
GetEntityPermissions returns the aggregated ACL's permissions for a given entity. Aggregated permissions are calculated by ORing permissions for a wildcard of the entity type (if present in the ACL) with permissions for the entity's exact Identity match (if present):
perm = permissions[Id Type Wildcard] | permissions[Id Of Entity]
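GetEntityPermissions will return AccessControl_NONE if the entity's identity is not in the list and the list doesn't have a wildcard corresponding to the entity's type. Because the two values are ORed, an exact-match entry can only add to the permissions granted by the type wildcard; it cannot narrow them.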
func (AccessControl_Permission) Descriptor ¶
func (AccessControl_Permission) Descriptor() protoreflect.EnumDescriptor
func (AccessControl_Permission) Enum ¶
func (x AccessControl_Permission) Enum() *AccessControl_Permission
func (AccessControl_Permission) EnumDescriptor
deprecated
func (AccessControl_Permission) EnumDescriptor() ([]byte, []int)
Deprecated: Use AccessControl_Permission.Descriptor instead.
func (AccessControl_Permission) Number ¶
func (x AccessControl_Permission) Number() protoreflect.EnumNumber
func (AccessControl_Permission) String ¶
func (x AccessControl_Permission) String() string
func (AccessControl_Permission) ToString ¶
func (p AccessControl_Permission) ToString() string
ToString returns a string representation of AccessControl_Permission as a mask. The protoc-generated String() receiver treats it as an enum and does not represent the 'mask' use case.
func (AccessControl_Permission) Type ¶
func (AccessControl_Permission) Type() protoreflect.EnumType
type AccessControl_PermissionsRequest ¶
type AccessControl_PermissionsRequest struct { Operator *protos.Identity `protobuf:"bytes,1,opt,name=operator,proto3" json:"operator,omitempty"` // Identity of operator => entities' manager Entity *protos.Identity `protobuf:"bytes,2,opt,name=entity,proto3" json:"entity,omitempty"` // Operated/managed entity // contains filtered or unexported fields }
RPC Request used to verify permissions for operator on a given entity
func (*AccessControl_PermissionsRequest) Descriptor
deprecated
func (*AccessControl_PermissionsRequest) Descriptor() ([]byte, []int)
Deprecated: Use AccessControl_PermissionsRequest.ProtoReflect.Descriptor instead.
func (*AccessControl_PermissionsRequest) GetEntity ¶
func (x *AccessControl_PermissionsRequest) GetEntity() *protos.Identity
func (*AccessControl_PermissionsRequest) GetOperator ¶
func (x *AccessControl_PermissionsRequest) GetOperator() *protos.Identity
func (*AccessControl_PermissionsRequest) ProtoMessage ¶
func (*AccessControl_PermissionsRequest) ProtoMessage()
func (*AccessControl_PermissionsRequest) ProtoReflect ¶
func (x *AccessControl_PermissionsRequest) ProtoReflect() protoreflect.Message
func (*AccessControl_PermissionsRequest) Reset ¶
func (x *AccessControl_PermissionsRequest) Reset()
func (*AccessControl_PermissionsRequest) String ¶
func (x *AccessControl_PermissionsRequest) String() string
type UnimplementedAccessControlManagerServer ¶
type UnimplementedAccessControlManagerServer struct { }
UnimplementedAccessControlManagerServer can be embedded to have forward compatible implementations.
func (*UnimplementedAccessControlManagerServer) CheckPermissions ¶
func (*UnimplementedAccessControlManagerServer) CheckPermissions(context.Context, *AccessControl_ListRequest) (*protos.Void, error)
func (*UnimplementedAccessControlManagerServer) DeleteEntity ¶
func (*UnimplementedAccessControlManagerServer) DeleteOperator ¶
func (*UnimplementedAccessControlManagerServer) GetOperatorACL ¶
func (*UnimplementedAccessControlManagerServer) GetOperatorACL(context.Context, *protos.Identity) (*AccessControl_List, error)
func (*UnimplementedAccessControlManagerServer) GetOperatorsACLs ¶
func (*UnimplementedAccessControlManagerServer) GetOperatorsACLs(context.Context, *protos.Identity_List) (*AccessControl_Lists, error)
func (*UnimplementedAccessControlManagerServer) GetPermissions ¶
func (*UnimplementedAccessControlManagerServer) GetPermissions(context.Context, *AccessControl_PermissionsRequest) (*AccessControl_Entity, error)
func (*UnimplementedAccessControlManagerServer) ListOperators ¶
func (*UnimplementedAccessControlManagerServer) ListOperators(context.Context, *protos.Void) (*protos.Identity_List, error)
func (*UnimplementedAccessControlManagerServer) SetOperator ¶
func (*UnimplementedAccessControlManagerServer) SetOperator(context.Context, *AccessControl_ListRequest) (*protos.Void, error)
func (*UnimplementedAccessControlManagerServer) UpdateOperator ¶
func (*UnimplementedAccessControlManagerServer) UpdateOperator(context.Context, *AccessControl_ListRequest) (*protos.Void, error)