acl

package

v0.9.0-rc2 Latest Latest Go to latest Published: Apr 3, 2019 License: MPL-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/iqoqo/nomad

Documentation ¶

Index ¶

Constants
type ACL
- func NewACL(management bool, policies []*Policy) (*ACL, error)
type AgentPolicy
type NamespacePolicy
type NodePolicy
type OperatorPolicy
type Policy
- func Parse(rules string) (*Policy, error)
- func (p *Policy) IsEmpty() bool
type QuotaPolicy

Constants ¶

View Source

const (
	// The following levels are the only valid values for the `policy = "read"` stanza.
	// When policies are merged together, the most privilege is granted, except for deny
	// which always takes precedence and supercedes.
	PolicyDeny  = "deny"
	PolicyRead  = "read"
	PolicyWrite = "write"
)

View Source

const (
	// The following are the fine-grained capabilities that can be granted within a namespace.
	// The Policy stanza is a short hand for granting several of these. When capabilities are
	// combined we take the union of all capabilities. If the deny capability is present, it
	// takes precedence and overwrites all other capabilities.
	NamespaceCapabilityDeny             = "deny"
	NamespaceCapabilityListJobs         = "list-jobs"
	NamespaceCapabilityReadJob          = "read-job"
	NamespaceCapabilitySubmitJob        = "submit-job"
	NamespaceCapabilityDispatchJob      = "dispatch-job"
	NamespaceCapabilityReadLogs         = "read-logs"
	NamespaceCapabilityReadFS           = "read-fs"
	NamespaceCapabilitySentinelOverride = "sentinel-override"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ACL ¶

type ACL struct {
	// contains filtered or unexported fields
}

ACL object is used to convert a set of policies into a structure that can be efficiently evaluated to determine if an action is allowed.

var ManagementACL *ACL

ManagementACL is a singleton used for management tokens

func NewACL ¶

func NewACL(management bool, policies []*Policy) (*ACL, error)

NewACL compiles a set of policies into an ACL object

func (*ACL) AllowAgentRead ¶

func (a *ACL) AllowAgentRead() bool

AllowAgentRead checks if read operations are allowed for an agent

func (*ACL) AllowAgentWrite ¶

func (a *ACL) AllowAgentWrite() bool

AllowAgentWrite checks if write operations are allowed for an agent

func (*ACL) AllowNamespace ¶

func (a *ACL) AllowNamespace(ns string) bool

AllowNamespace checks if any operations are allowed for a namespace

func (*ACL) AllowNamespaceOperation ¶

func (a *ACL) AllowNamespaceOperation(ns string, op string) bool

AllowNamespaceOperation checks if a given operation is allowed for a namespace

func (*ACL) AllowNodeRead ¶

func (a *ACL) AllowNodeRead() bool

AllowNodeRead checks if read operations are allowed for a node

func (*ACL) AllowNodeWrite ¶

func (a *ACL) AllowNodeWrite() bool

AllowNodeWrite checks if write operations are allowed for a node

func (*ACL) AllowNsOp ¶

func (a *ACL) AllowNsOp(ns string, op string) bool

AllowNsOp is shorthand for AllowNamespaceOperation

func (*ACL) AllowOperatorRead ¶

func (a *ACL) AllowOperatorRead() bool

AllowOperatorRead checks if read operations are allowed for a operator

func (*ACL) AllowOperatorWrite ¶

func (a *ACL) AllowOperatorWrite() bool

AllowOperatorWrite checks if write operations are allowed for a operator

func (*ACL) AllowQuotaRead ¶

func (a *ACL) AllowQuotaRead() bool

AllowQuotaRead checks if read operations are allowed for all quotas

func (*ACL) AllowQuotaWrite ¶

func (a *ACL) AllowQuotaWrite() bool

AllowQuotaWrite checks if write operations are allowed for quotas

func (*ACL) IsManagement ¶

func (a *ACL) IsManagement() bool

IsManagement checks if this represents a management token

type AgentPolicy ¶

type AgentPolicy struct {
	Policy string
}

type NamespacePolicy ¶

type NamespacePolicy struct {
	Name         string `hcl:",key"`
	Policy       string
	Capabilities []string
}

NamespacePolicy is the policy for a specific namespace

type NodePolicy ¶

type NodePolicy struct {
	Policy string
}

type OperatorPolicy ¶

type OperatorPolicy struct {
	Policy string
}

type Policy ¶

type Policy struct {
	Namespaces []*NamespacePolicy `hcl:"namespace,expand"`
	Agent      *AgentPolicy       `hcl:"agent"`
	Node       *NodePolicy        `hcl:"node"`
	Operator   *OperatorPolicy    `hcl:"operator"`
	Quota      *QuotaPolicy       `hcl:"quota"`
	Raw        string             `hcl:"-"`
}

Policy represents a parsed HCL or JSON policy.

func Parse ¶

func Parse(rules string) (*Policy, error)

Parse is used to parse the specified ACL rules into an intermediary set of policies, before being compiled into the ACL

func (*Policy) IsEmpty ¶

func (p *Policy) IsEmpty() bool

IsEmpty checks to make sure that at least one policy has been set and is not comprised of only a raw policy.

type QuotaPolicy ¶

type QuotaPolicy struct {
	Policy string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL