Documentation ¶
Overview ¶
The accessd service provides the gRPC interface that cloud services and the REST server use to check and manage Identity access permissions.
Index ¶
- type AccessControlServer
- func (srv *AccessControlServer) CheckPermissions(ctx context.Context, req *accessprotos.AccessControl_ListRequest) (*protos.Void, error)
- func (srv *AccessControlServer) DeleteEntity(ctx context.Context, ent *protos.Identity) (*protos.Void, error)
- func (srv *AccessControlServer) DeleteOperator(ctx context.Context, oper *protos.Identity) (*protos.Void, error)
- func (srv *AccessControlServer) GetOperatorACL(ctx context.Context, oper *protos.Identity) (*accessprotos.AccessControl_List, error)
- func (srv *AccessControlServer) GetOperatorsACLs(ctx context.Context, opers *protos.Identity_List) (*accessprotos.AccessControl_Lists, error)
- func (srv *AccessControlServer) GetPermissions(ctx context.Context, req *accessprotos.AccessControl_PermissionsRequest) (*accessprotos.AccessControl_Entity, error)
- func (srv *AccessControlServer) ListOperators(ctx context.Context, _ *protos.Void) (*protos.Identity_List, error)
- func (srv *AccessControlServer) SetOperator(ctx context.Context, req *accessprotos.AccessControl_ListRequest) (*protos.Void, error)
- func (srv *AccessControlServer) UpdateOperator(ctx context.Context, req *accessprotos.AccessControl_ListRequest) (*protos.Void, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessControlServer ¶
type AccessControlServer struct {
// contains filtered or unexported fields
}
func NewAccessdServer ¶
func NewAccessdServer(store storage.AccessdStorage) *AccessControlServer
func (*AccessControlServer) CheckPermissions ¶
func (srv *AccessControlServer) CheckPermissions( ctx context.Context, req *accessprotos.AccessControl_ListRequest, ) (*protos.Void, error)
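Returns the managing Identity's permissions for a given entity. NOTE: Takes into account wildcards for the entity's type in the ACL. The signature returns only (*protos.Void, error), so this description appears to be shared with GetPermissions; the outcome of the check is presumably reported through the returned error.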
func (*AccessControlServer) DeleteEntity ¶
func (srv *AccessControlServer) DeleteEntity(ctx context.Context, ent *protos.Identity) (*protos.Void, error)
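Cleans up a given entity from all Operators' ACLs. TBD: This needs to be implemented to avoid a security vulnerability when deleting
a network with a customer-selected ID (vs. an ID generated by the cloud). Until then, ACL entries left behind for a deleted ID would presumably still match a network created later with the same customer-selected ID.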
func (*AccessControlServer) DeleteOperator ¶
func (srv *AccessControlServer) DeleteOperator(ctx context.Context, oper *protos.Identity) (*protos.Void, error)
DeleteOperator removes all of the operator's permissions (the operator's entire ACL).
func (*AccessControlServer) GetOperatorACL ¶
func (srv *AccessControlServer) GetOperatorACL(ctx context.Context, oper *protos.Identity) (*accessprotos.AccessControl_List, error)
GetOperatorACL returns the managing Identity's permissions list.
func (*AccessControlServer) GetOperatorsACLs ¶
func (srv *AccessControlServer) GetOperatorsACLs( ctx context.Context, opers *protos.Identity_List, ) (*accessprotos.AccessControl_Lists, error)
GetOperatorsACLs returns the managing Identities' permissions lists.
func (*AccessControlServer) GetPermissions ¶
func (srv *AccessControlServer) GetPermissions( ctx context.Context, req *accessprotos.AccessControl_PermissionsRequest, ) (*accessprotos.AccessControl_Entity, error)
Returns the managing Identity's permissions for a given entity. NOTE: Takes into account wildcards for the entity's type in the ACL.
func (*AccessControlServer) ListOperators ¶
func (srv *AccessControlServer) ListOperators(ctx context.Context, _ *protos.Void) (*protos.Identity_List, error)
Lists all globally registered operators on the cloud
func (*AccessControlServer) SetOperator ¶
func (srv *AccessControlServer) SetOperator(ctx context.Context, req *accessprotos.AccessControl_ListRequest) (*protos.Void, error)
SetOperator overwrites the permissions that allow the operator Identity to manage others. The request includes the ACL to add for the Operator.
func (*AccessControlServer) UpdateOperator ¶
func (srv *AccessControlServer) UpdateOperator(ctx context.Context, req *accessprotos.AccessControl_ListRequest) (*protos.Void, error)
UpdateOperator adds permissions for one Identity to manage others. The request includes the ACL to add for the Operator. (The source comment calls this method AddACL, which appears to be a stale name.)