Documentation ¶
Index ¶
Constants ¶
View Source
const ( ActionAll = Action("*") // action match any other actions ActionPull = Action("pull") // pull repository tag ActionPush = Action("push") // push repository tag // create, read, update, delete, list actions compatible with restful api methods ActionCreate = Action("create") ActionRead = Action("read") ActionUpdate = Action("update") ActionDelete = Action("delete") ActionList = Action("list") ActionOperate = Action("operate") ActionScannerPull = Action("scanner-pull") // for robot account created by scanner to pull image, bypass the policy check ActionStop = Action("stop") // for stop scan/scan-all execution )
const action variables
View Source
const ( ResourceAll = Resource("*") // resource match any other resources ResourceConfiguration = Resource("configuration") // project configuration compatible for portal only ResourceLabel = Resource("label") ResourceLog = Resource("log") ResourceLdapUser = Resource("ldap-user") ResourceMember = Resource("member") ResourceMetadata = Resource("metadata") ResourceQuota = Resource("quota") ResourceRepository = Resource("repository") ResourceTagRetention = Resource("tag-retention") ResourceImmutableTag = Resource("immutable-tag") ResourceRobot = Resource("robot") ResourceNotificationPolicy = Resource("notification-policy") ResourceScan = Resource("scan") ResourceSBOM = Resource("sbom") ResourceScanner = Resource("scanner") ResourceArtifact = Resource("artifact") ResourceTag = Resource("tag") ResourceAccessory = Resource("accessory") ResourceArtifactAddition = Resource("artifact-addition") ResourceArtifactLabel = Resource("artifact-label") ResourcePreatPolicy = Resource("preheat-policy") ResourcePreatInstance = Resource("preheat-instance") ResourceSelf = Resource("") // subresource for self ResourceAuditLog = Resource("audit-log") ResourceCatalog = Resource("catalog") ResourceProject = Resource("project") ResourceUser = Resource("user") ResourceUserGroup = Resource("user-group") ResourceRegistry = Resource("registry") ResourceReplication = Resource("replication") ResourceDistribution = Resource("distribution") ResourceGarbageCollection = Resource("garbage-collection") ResourceReplicationAdapter = Resource("replication-adapter") ResourceReplicationPolicy = Resource("replication-policy") ResourceScanAll = Resource("scan-all") ResourceSystemVolumes = Resource("system-volumes") ResourcePurgeAuditLog = Resource("purge-audit") ResourceExportCVE = Resource("export-cve") ResourceJobServiceMonitor = Resource("jobservice-monitor") ResourceSecurityHub = Resource("security-hub") )
const resource variables
View Source
const ( ScopeSystem = scope("System") ScopeProject = scope("Project") )
Variables ¶
View Source
var ( PoliciesMap = map[scope][]*types.Policy{ ScopeSystem: { {Resource: ResourceAuditLog, Action: ActionList}, {Resource: ResourcePreatInstance, Action: ActionRead}, {Resource: ResourcePreatInstance, Action: ActionCreate}, {Resource: ResourcePreatInstance, Action: ActionDelete}, {Resource: ResourcePreatInstance, Action: ActionList}, {Resource: ResourcePreatInstance, Action: ActionUpdate}, {Resource: ResourceProject, Action: ActionList}, {Resource: ResourceProject, Action: ActionCreate}, {Resource: ResourceReplicationPolicy, Action: ActionRead}, {Resource: ResourceReplicationPolicy, Action: ActionCreate}, {Resource: ResourceReplicationPolicy, Action: ActionDelete}, {Resource: ResourceReplicationPolicy, Action: ActionList}, {Resource: ResourceReplicationPolicy, Action: ActionUpdate}, {Resource: ResourceReplication, Action: ActionRead}, {Resource: ResourceReplication, Action: ActionCreate}, {Resource: ResourceReplication, Action: ActionList}, {Resource: ResourceReplicationAdapter, Action: ActionList}, {Resource: ResourceRegistry, Action: ActionRead}, {Resource: ResourceRegistry, Action: ActionCreate}, {Resource: ResourceRegistry, Action: ActionDelete}, {Resource: ResourceRegistry, Action: ActionList}, {Resource: ResourceRegistry, Action: ActionUpdate}, {Resource: ResourceScanAll, Action: ActionRead}, {Resource: ResourceScanAll, Action: ActionUpdate}, {Resource: ResourceScanAll, Action: ActionStop}, {Resource: ResourceScanAll, Action: ActionCreate}, {Resource: ResourceSystemVolumes, Action: ActionRead}, {Resource: ResourceGarbageCollection, Action: ActionRead}, {Resource: ResourceGarbageCollection, Action: ActionCreate}, {Resource: ResourceGarbageCollection, Action: ActionList}, {Resource: ResourceGarbageCollection, Action: ActionUpdate}, {Resource: ResourceGarbageCollection, Action: ActionStop}, {Resource: ResourcePurgeAuditLog, Action: ActionRead}, {Resource: ResourcePurgeAuditLog, Action: ActionCreate}, {Resource: ResourcePurgeAuditLog, Action: ActionList}, {Resource: ResourcePurgeAuditLog, Action: ActionUpdate}, {Resource: ResourcePurgeAuditLog, Action: ActionStop}, {Resource: ResourceJobServiceMonitor, Action: ActionList}, {Resource: ResourceJobServiceMonitor, Action: ActionStop}, {Resource: ResourceScanner, Action: ActionRead}, {Resource: ResourceScanner, Action: ActionCreate}, {Resource: ResourceScanner, Action: ActionDelete}, {Resource: ResourceScanner, Action: ActionList}, {Resource: ResourceScanner, Action: ActionUpdate}, {Resource: ResourceLabel, Action: ActionRead}, {Resource: ResourceLabel, Action: ActionCreate}, {Resource: ResourceLabel, Action: ActionDelete}, {Resource: ResourceLabel, Action: ActionUpdate}, {Resource: ResourceSecurityHub, Action: ActionRead}, {Resource: ResourceSecurityHub, Action: ActionList}, {Resource: ResourceCatalog, Action: ActionRead}, {Resource: ResourceQuota, Action: ActionRead}, {Resource: ResourceQuota, Action: ActionList}, }, ScopeProject: { {Resource: ResourceLog, Action: ActionList}, {Resource: ResourceProject, Action: ActionRead}, {Resource: ResourceProject, Action: ActionDelete}, {Resource: ResourceProject, Action: ActionUpdate}, {Resource: ResourceMetadata, Action: ActionRead}, {Resource: ResourceMetadata, Action: ActionCreate}, {Resource: ResourceMetadata, Action: ActionDelete}, {Resource: ResourceMetadata, Action: ActionList}, {Resource: ResourceMetadata, Action: ActionUpdate}, {Resource: ResourceRepository, Action: ActionRead}, {Resource: ResourceRepository, Action: ActionUpdate}, {Resource: ResourceRepository, Action: ActionDelete}, {Resource: ResourceRepository, Action: ActionList}, {Resource: ResourceRepository, Action: ActionPull}, {Resource: ResourceRepository, Action: ActionPush}, {Resource: ResourceArtifact, Action: ActionRead}, {Resource: ResourceArtifact, Action: ActionCreate}, {Resource: ResourceArtifact, Action: ActionList}, {Resource: ResourceArtifact, Action: ActionDelete}, {Resource: ResourceScan, Action: ActionCreate}, {Resource: ResourceScan, Action: ActionRead}, {Resource: ResourceScan, Action: ActionStop}, {Resource: ResourceSBOM, Action: ActionCreate}, {Resource: ResourceSBOM, Action: ActionStop}, {Resource: ResourceSBOM, Action: ActionRead}, {Resource: ResourceTag, Action: ActionCreate}, {Resource: ResourceTag, Action: ActionList}, {Resource: ResourceTag, Action: ActionDelete}, {Resource: ResourceAccessory, Action: ActionList}, {Resource: ResourceArtifactAddition, Action: ActionRead}, {Resource: ResourceArtifactLabel, Action: ActionCreate}, {Resource: ResourceArtifactLabel, Action: ActionDelete}, {Resource: ResourceScanner, Action: ActionCreate}, {Resource: ResourceScanner, Action: ActionRead}, {Resource: ResourcePreatPolicy, Action: ActionRead}, {Resource: ResourcePreatPolicy, Action: ActionCreate}, {Resource: ResourcePreatPolicy, Action: ActionDelete}, {Resource: ResourcePreatPolicy, Action: ActionList}, {Resource: ResourcePreatPolicy, Action: ActionUpdate}, {Resource: ResourceImmutableTag, Action: ActionCreate}, {Resource: ResourceImmutableTag, Action: ActionDelete}, {Resource: ResourceImmutableTag, Action: ActionList}, {Resource: ResourceImmutableTag, Action: ActionUpdate}, {Resource: ResourceNotificationPolicy, Action: ActionRead}, {Resource: ResourceNotificationPolicy, Action: ActionCreate}, {Resource: ResourceNotificationPolicy, Action: ActionDelete}, {Resource: ResourceNotificationPolicy, Action: ActionList}, {Resource: ResourceNotificationPolicy, Action: ActionUpdate}, {Resource: ResourceTagRetention, Action: ActionRead}, {Resource: ResourceTagRetention, Action: ActionCreate}, {Resource: ResourceTagRetention, Action: ActionDelete}, {Resource: ResourceTagRetention, Action: ActionList}, {Resource: ResourceTagRetention, Action: ActionUpdate}, {Resource: ResourceLabel, Action: ActionRead}, {Resource: ResourceLabel, Action: ActionCreate}, {Resource: ResourceLabel, Action: ActionDelete}, {Resource: ResourceLabel, Action: ActionList}, {Resource: ResourceLabel, Action: ActionUpdate}, {Resource: ResourceQuota, Action: ActionRead}, }, } )
Functions ¶
This section is empty.
Types ¶
type BaseProvider ¶
type BaseProvider struct { }
BaseProvider ...
func (*BaseProvider) GetPermissions ¶
func (d *BaseProvider) GetPermissions(s scope) []*types.Policy
GetPermissions ...
type NolimitProvider ¶
type NolimitProvider struct {
BaseProvider
}
NolimitProvider ...
func (*NolimitProvider) GetPermissions ¶
func (n *NolimitProvider) GetPermissions(s scope) []*types.Policy
GetPermissions ...
type RobotPermissionProvider ¶
RobotPermissionProvider defines the permission provider for robot account
func GetPermissionProvider ¶
func GetPermissionProvider() RobotPermissionProvider
GetPermissionProvider gives the robot permission provider
Click to show internal directories.
Click to hide internal directories.