rbac

package
v0.0.0-...-045f829 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 21, 2025 License: Apache-2.0 Imports: 1 Imported by: 300

Documentation


Constants

// RBAC action names. Each constant is an Action whose value is the literal
// string used in policy definitions.
const (
	// ActionAll is the wildcard action: it matches any other action.
	// No entry in PoliciesMap uses it.
	ActionAll Action = "*"

	ActionPull Action = "pull" // pull repository tag
	ActionPush Action = "push" // push repository tag

	// Create, read, update, delete and list line up with RESTful API methods.
	ActionCreate Action = "create"
	ActionRead   Action = "read"
	ActionUpdate Action = "update"
	ActionDelete Action = "delete"
	ActionList   Action = "list"

	ActionOperate Action = "operate"
	// ActionScannerPull is for the robot account a scanner creates to pull
	// images. It bypasses the policy check, so it should be held only by
	// those scanner-created accounts. PoliciesMap does not list it.
	ActionScannerPull Action = "scanner-pull"
	ActionStop Action = "stop" // stops a scan / scan-all execution
)

Constants for the RBAC actions.

// RBAC resource names. Each constant is a Resource whose value is the literal
// string used in policy definitions.
const (
	// ResourceAll is the wildcard resource: it matches any other resource.
	// No entry in PoliciesMap uses it.
	ResourceAll Resource = "*"
	// ResourceConfiguration is the project configuration; kept for portal
	// compatibility only.
	ResourceConfiguration Resource = "configuration"
	ResourceLabel              Resource = "label"
	ResourceLog                Resource = "log"
	ResourceLdapUser           Resource = "ldap-user"
	ResourceMember             Resource = "member"
	ResourceMetadata           Resource = "metadata"
	ResourceQuota              Resource = "quota"
	ResourceRepository         Resource = "repository"
	ResourceTagRetention       Resource = "tag-retention"
	ResourceImmutableTag       Resource = "immutable-tag"
	ResourceRobot              Resource = "robot"
	ResourceNotificationPolicy Resource = "notification-policy"
	ResourceScan               Resource = "scan"
	ResourceSBOM               Resource = "sbom"
	ResourceScanner            Resource = "scanner"
	ResourceArtifact           Resource = "artifact"
	ResourceTag                Resource = "tag"
	ResourceAccessory          Resource = "accessory"
	ResourceArtifactAddition   Resource = "artifact-addition"
	ResourceArtifactLabel      Resource = "artifact-label"
	// The identifiers below spell "Preat" while their values say "preheat".
	// The names are exported, so they stay as they are.
	ResourcePreatPolicy   Resource = "preheat-policy"
	ResourcePreatInstance Resource = "preheat-instance"
	// ResourceSelf is the empty string: the subresource standing for the
	// parent resource itself.
	ResourceSelf Resource = ""

	ResourceAuditLog           Resource = "audit-log"
	ResourceCatalog            Resource = "catalog"
	ResourceProject            Resource = "project"
	ResourceUser               Resource = "user"
	ResourceUserGroup          Resource = "user-group"
	ResourceRegistry           Resource = "registry"
	ResourceReplication        Resource = "replication"
	ResourceDistribution       Resource = "distribution"
	ResourceGarbageCollection  Resource = "garbage-collection"
	ResourceReplicationAdapter Resource = "replication-adapter"
	ResourceReplicationPolicy  Resource = "replication-policy"
	ResourceScanAll            Resource = "scan-all"
	ResourceSystemVolumes      Resource = "system-volumes"
	ResourcePurgeAuditLog      Resource = "purge-audit" // value is "purge-audit", not "purge-audit-log"
	ResourceExportCVE          Resource = "export-cve"
	ResourceJobServiceMonitor  Resource = "jobservice-monitor"
	ResourceSecurityHub        Resource = "security-hub"
)

Constants for the RBAC resources.

// The two scopes that key PoliciesMap.
const (
	ScopeSystem  scope = "System"
	ScopeProject scope = "Project"
)

Variables

var (
	// PoliciesMap enumerates, per scope, the explicit (Resource, Action)
	// pairs defined by this package. Every entry names a concrete resource
	// and a concrete action: neither ResourceAll nor ActionAll appears, and
	// ActionScannerPull and ActionOperate are not listed either.
	//
	// NOTE(review): presumably this is the set the permission providers hand
	// out for robot accounts through GetPermissions; the method bodies are
	// not shown here, so confirm.
	// NOTE(review): this is an exported, mutable package-level map of slices
	// of pointers, so any importing package can add or alter entries at run
	// time. Treat it as read-only and copy before modifying.
	PoliciesMap = map[scope][]*types.Policy{
		// System scope.
		ScopeSystem: {
			{Resource: ResourceAuditLog, Action: ActionList},

			{Resource: ResourcePreatInstance, Action: ActionRead},
			{Resource: ResourcePreatInstance, Action: ActionCreate},
			{Resource: ResourcePreatInstance, Action: ActionDelete},
			{Resource: ResourcePreatInstance, Action: ActionList},
			{Resource: ResourcePreatInstance, Action: ActionUpdate},

			{Resource: ResourceProject, Action: ActionList},
			{Resource: ResourceProject, Action: ActionCreate},

			// NOTE(review): by name, the replication-policy and registry
			// create/update grants let the holder define remote endpoints
			// and what is copied to them; confirm, and grant sparingly.
			{Resource: ResourceReplicationPolicy, Action: ActionRead},
			{Resource: ResourceReplicationPolicy, Action: ActionCreate},
			{Resource: ResourceReplicationPolicy, Action: ActionDelete},
			{Resource: ResourceReplicationPolicy, Action: ActionList},
			{Resource: ResourceReplicationPolicy, Action: ActionUpdate},

			{Resource: ResourceReplication, Action: ActionRead},
			{Resource: ResourceReplication, Action: ActionCreate},
			{Resource: ResourceReplication, Action: ActionList},

			{Resource: ResourceReplicationAdapter, Action: ActionList},

			{Resource: ResourceRegistry, Action: ActionRead},
			{Resource: ResourceRegistry, Action: ActionCreate},
			{Resource: ResourceRegistry, Action: ActionDelete},
			{Resource: ResourceRegistry, Action: ActionList},
			{Resource: ResourceRegistry, Action: ActionUpdate},

			{Resource: ResourceScanAll, Action: ActionRead},
			{Resource: ResourceScanAll, Action: ActionUpdate},
			{Resource: ResourceScanAll, Action: ActionStop},
			{Resource: ResourceScanAll, Action: ActionCreate},

			{Resource: ResourceSystemVolumes, Action: ActionRead},

			{Resource: ResourceGarbageCollection, Action: ActionRead},
			{Resource: ResourceGarbageCollection, Action: ActionCreate},
			{Resource: ResourceGarbageCollection, Action: ActionList},
			{Resource: ResourceGarbageCollection, Action: ActionUpdate},
			{Resource: ResourceGarbageCollection, Action: ActionStop},

			// NOTE(review): by name these cover audit-log purge jobs, while
			// ResourceAuditLog itself is list-only above. If so, a holder
			// can affect how much of the audit trail is retained; confirm
			// and review which accounts receive these grants.
			{Resource: ResourcePurgeAuditLog, Action: ActionRead},
			{Resource: ResourcePurgeAuditLog, Action: ActionCreate},
			{Resource: ResourcePurgeAuditLog, Action: ActionList},
			{Resource: ResourcePurgeAuditLog, Action: ActionUpdate},
			{Resource: ResourcePurgeAuditLog, Action: ActionStop},

			{Resource: ResourceJobServiceMonitor, Action: ActionList},
			{Resource: ResourceJobServiceMonitor, Action: ActionStop},

			{Resource: ResourceScanner, Action: ActionRead},
			{Resource: ResourceScanner, Action: ActionCreate},
			{Resource: ResourceScanner, Action: ActionDelete},
			{Resource: ResourceScanner, Action: ActionList},
			{Resource: ResourceScanner, Action: ActionUpdate},

			// NOTE(review): no ActionList for labels here, while the
			// ScopeProject label group includes it; confirm the asymmetry
			// is intended.
			{Resource: ResourceLabel, Action: ActionRead},
			{Resource: ResourceLabel, Action: ActionCreate},
			{Resource: ResourceLabel, Action: ActionDelete},
			{Resource: ResourceLabel, Action: ActionUpdate},

			{Resource: ResourceSecurityHub, Action: ActionRead},
			{Resource: ResourceSecurityHub, Action: ActionList},

			{Resource: ResourceCatalog, Action: ActionRead},

			{Resource: ResourceQuota, Action: ActionRead},
			{Resource: ResourceQuota, Action: ActionList},
		},
		// Project scope.
		ScopeProject: {
			{Resource: ResourceLog, Action: ActionList},

			// Project read/update/delete live here; list/create are in
			// ScopeSystem.
			{Resource: ResourceProject, Action: ActionRead},
			{Resource: ResourceProject, Action: ActionDelete},
			{Resource: ResourceProject, Action: ActionUpdate},

			{Resource: ResourceMetadata, Action: ActionRead},
			{Resource: ResourceMetadata, Action: ActionCreate},
			{Resource: ResourceMetadata, Action: ActionDelete},
			{Resource: ResourceMetadata, Action: ActionList},
			{Resource: ResourceMetadata, Action: ActionUpdate},

			// The only entries that use ActionPull / ActionPush.
			{Resource: ResourceRepository, Action: ActionRead},
			{Resource: ResourceRepository, Action: ActionUpdate},
			{Resource: ResourceRepository, Action: ActionDelete},
			{Resource: ResourceRepository, Action: ActionList},
			{Resource: ResourceRepository, Action: ActionPull},
			{Resource: ResourceRepository, Action: ActionPush},

			{Resource: ResourceArtifact, Action: ActionRead},
			{Resource: ResourceArtifact, Action: ActionCreate},
			{Resource: ResourceArtifact, Action: ActionList},
			{Resource: ResourceArtifact, Action: ActionDelete},

			{Resource: ResourceScan, Action: ActionCreate},
			{Resource: ResourceScan, Action: ActionRead},
			{Resource: ResourceScan, Action: ActionStop},

			{Resource: ResourceSBOM, Action: ActionCreate},
			{Resource: ResourceSBOM, Action: ActionStop},
			{Resource: ResourceSBOM, Action: ActionRead},

			{Resource: ResourceTag, Action: ActionCreate},
			{Resource: ResourceTag, Action: ActionList},
			{Resource: ResourceTag, Action: ActionDelete},

			{Resource: ResourceAccessory, Action: ActionList},

			{Resource: ResourceArtifactAddition, Action: ActionRead},

			{Resource: ResourceArtifactLabel, Action: ActionCreate},
			{Resource: ResourceArtifactLabel, Action: ActionDelete},

			// Scanner is create/read only at project scope; the full set
			// (delete, list, update) is in ScopeSystem.
			{Resource: ResourceScanner, Action: ActionCreate},
			{Resource: ResourceScanner, Action: ActionRead},

			{Resource: ResourcePreatPolicy, Action: ActionRead},
			{Resource: ResourcePreatPolicy, Action: ActionCreate},
			{Resource: ResourcePreatPolicy, Action: ActionDelete},
			{Resource: ResourcePreatPolicy, Action: ActionList},
			{Resource: ResourcePreatPolicy, Action: ActionUpdate},

			// No ActionRead entry for immutable-tag, unlike the neighbouring
			// groups.
			{Resource: ResourceImmutableTag, Action: ActionCreate},
			{Resource: ResourceImmutableTag, Action: ActionDelete},
			{Resource: ResourceImmutableTag, Action: ActionList},
			{Resource: ResourceImmutableTag, Action: ActionUpdate},

			{Resource: ResourceNotificationPolicy, Action: ActionRead},
			{Resource: ResourceNotificationPolicy, Action: ActionCreate},
			{Resource: ResourceNotificationPolicy, Action: ActionDelete},
			{Resource: ResourceNotificationPolicy, Action: ActionList},
			{Resource: ResourceNotificationPolicy, Action: ActionUpdate},

			{Resource: ResourceTagRetention, Action: ActionRead},
			{Resource: ResourceTagRetention, Action: ActionCreate},
			{Resource: ResourceTagRetention, Action: ActionDelete},
			{Resource: ResourceTagRetention, Action: ActionList},
			{Resource: ResourceTagRetention, Action: ActionUpdate},

			{Resource: ResourceLabel, Action: ActionRead},
			{Resource: ResourceLabel, Action: ActionCreate},
			{Resource: ResourceLabel, Action: ActionDelete},
			{Resource: ResourceLabel, Action: ActionList},
			{Resource: ResourceLabel, Action: ActionUpdate},

			{Resource: ResourceQuota, Action: ActionRead},
		},
	}
)

Functions

This section is empty.

Types

type Action

// Action is an alias for types.Action, not a new defined type, so values are
// interchangeable with types.Action without conversion.
type Action = types.Action

Action alias type for types.Action

type BaseProvider

// BaseProvider is shown here with no fields. It has a GetPermissions method
// with the signature required by RobotPermissionProvider.
// NOTE(review): the method body is not shown; presumably it serves entries
// from PoliciesMap for the given scope. Confirm.
type BaseProvider struct {
}

BaseProvider ...

func (*BaseProvider) GetPermissions

func (d *BaseProvider) GetPermissions(s scope) []*types.Policy

GetPermissions ...

type NolimitProvider

// NolimitProvider embeds BaseProvider and declares its own GetPermissions on
// the pointer receiver, which takes precedence over the promoted
// BaseProvider method.
// NOTE(review): the name suggests an unrestricted permission set, but the
// method body is not shown. Confirm what it returns, and which provider
// GetPermissionProvider selects, before treating PoliciesMap as the upper
// bound on robot-account permissions.
type NolimitProvider struct {
	BaseProvider
}

NolimitProvider ...

func (*NolimitProvider) GetPermissions

func (n *NolimitProvider) GetPermissions(s scope) []*types.Policy

GetPermissions ...

type Resource

// Resource is an alias for types.Resource, not a new defined type, so values
// are interchangeable with types.Resource without conversion.
type Resource = types.Resource

Resource alias type for types.Resource

type RobotPermissionProvider

// RobotPermissionProvider is the permission provider for robot accounts.
// Both *BaseProvider and *NolimitProvider declare a method with this
// signature.
type RobotPermissionProvider interface {
	// GetPermissions returns the policies for scope s.
	// NOTE(review): whether the returned slice shares pointers with
	// PoliciesMap is not visible here; callers should not mutate it.
	GetPermissions(s scope) []*types.Policy
}

RobotPermissionProvider defines the permission provider for robot account

func GetPermissionProvider

func GetPermissionProvider() RobotPermissionProvider

GetPermissionProvider gives the robot permission provider
