rbac

package

v0.3.3 Latest Latest Go to latest Published: Oct 23, 2024 License: MPL-2.0 Imports: 2 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/leg100/otf

Links

Open Source Insights

Documentation ¶

Overview ¶

Package rbac is concerned with authorization

Index ¶

Variables
type Action
- func (i Action) String() string
type Role
- func WorkspaceRoleFromString(role string) (Role, error)
- func (r Role) IsAllowed(action Action) bool
- func (r Role) String() string

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// OrganizationMinPermissions are permissions granted to all team
	// members within an organization.
	OrganizationMinPermissions = Role{
								// contains filtered or unexported fields
	}

	// WorkspaceReadRole is scoped to a workspace and permits read-only actions
	// on the workspace.
	WorkspaceReadRole = Role{
						// contains filtered or unexported fields
	}

	// WorkspacePlanRole is scoped to a workspace and permits creating plans on
	// the workspace.
	WorkspacePlanRole = Role{
						// contains filtered or unexported fields
	}

	// WorkspaceWriteRole is scoped to a workspace and permits write actions on
	// the workspace.
	WorkspaceWriteRole = Role{
						// contains filtered or unexported fields
	}

	// WorkspaceAdminRole is scoped to a workspace and permits management of the
	// workspace.
	WorkspaceAdminRole = Role{
						// contains filtered or unexported fields
	}

	// WorkspaceManagerRole is scoped to an organization and permits management
	// of workspaces.
	WorkspaceManagerRole = Role{
							// contains filtered or unexported fields
	}

	// VCSManagerRole is scoped to an organization and permits management of VCS
	// providers.
	VCSManagerRole = Role{
					// contains filtered or unexported fields
	}

	// RegistryManagerRole is scoped to an organization and permits management
	// of registry of modules and providers
	RegistryManagerRole = Role{
						// contains filtered or unexported fields
	}
)

Functions ¶

This section is empty.

Types ¶

type Action ¶

type Action int

Action identifies an action a subject carries out on a resource for authorization purposes.

const (
	WatchAction Action = iota
	CreateOrganizationAction
	UpdateOrganizationAction
	GetOrganizationAction
	ListOrganizationsAction
	GetEntitlementsAction
	DeleteOrganizationAction

	CreateVCSProviderAction
	GetVCSProviderAction
	ListVCSProvidersAction
	DeleteVCSProviderAction

	CreateAgentPoolAction
	UpdateAgentPoolAction
	ListAgentPoolsAction
	GetAgentPoolAction
	DeleteAgentPoolAction

	CreateAgentTokenAction
	ListAgentTokensAction
	GetAgentTokenAction
	DeleteAgentTokenAction

	ListAgentsAction
	WatchAgentsAction

	CreateOrganizationTokenAction
	DeleteOrganizationTokenAction

	CreateRunTokenAction

	CreateTeamTokenAction
	GetTeamTokenAction
	DeleteTeamTokenAction

	CreateModuleAction
	CreateModuleVersionAction
	UpdateModuleAction
	ListModulesAction
	GetModuleAction
	DeleteModuleAction
	DeleteModuleVersionAction

	CreateWorkspaceVariableAction
	UpdateWorkspaceVariableAction
	ListWorkspaceVariablesAction
	GetWorkspaceVariableAction
	DeleteWorkspaceVariableAction

	CreateVariableSetAction
	UpdateVariableSetAction
	ListVariableSetsAction
	GetVariableSetAction
	DeleteVariableSetAction

	CreateVariableSetVariableAction
	UpdateVariableSetVariableAction
	GetVariableSetVariableAction
	DeleteVariableSetVariableAction

	AddVariableToSetAction
	RemoveVariableFromSetAction

	ApplyVariableSetToWorkspacesAction
	DeleteVariableSetFromWorkspacesAction

	GetRunAction
	ListRunsAction
	ApplyRunAction
	CreateRunAction
	DiscardRunAction
	DeleteRunAction
	CancelRunAction
	ForceCancelRunAction
	EnqueuePlanAction
	PutChunkAction
	TailLogsAction

	GetPlanFileAction
	UploadPlanFileAction

	GetLockFileAction
	UploadLockFileAction

	ListWorkspacesAction
	GetWorkspaceAction
	CreateWorkspaceAction
	DeleteWorkspaceAction
	SetWorkspacePermissionAction
	UnsetWorkspacePermissionAction
	UpdateWorkspaceAction

	ListTagsAction
	DeleteTagsAction
	TagWorkspacesAction
	AddTagsAction
	RemoveTagsAction
	ListWorkspaceTags

	LockWorkspaceAction
	UnlockWorkspaceAction
	ForceUnlockWorkspaceAction

	CreateStateVersionAction
	ListStateVersionsAction
	GetStateVersionAction
	DeleteStateVersionAction
	RollbackStateVersionAction
	UploadStateAction
	DownloadStateAction
	GetStateVersionOutputAction

	CreateConfigurationVersionAction
	ListConfigurationVersionsAction
	GetConfigurationVersionAction
	DownloadConfigurationVersionAction
	DeleteConfigurationVersionAction

	CreateUserAction
	ListUsersAction
	GetUserAction
	DeleteUserAction

	CreateTeamAction
	UpdateTeamAction
	GetTeamAction
	ListTeamsAction
	DeleteTeamAction
	AddTeamMembershipAction
	RemoveTeamMembershipAction

	CreateNotificationConfigurationAction
	UpdateNotificationConfigurationAction
	ListNotificationConfigurationsAction
	GetNotificationConfigurationAction
	DeleteNotificationConfigurationAction

	CreateGithubAppAction
	UpdateGithubAppAction
	GetGithubAppAction
	ListGithubAppsAction
	DeleteGithubAppAction
	CreateGithubAppInstallAction
	DeleteGithubAppInstallAction
)

func (Action) String ¶

func (i Action) String() string

type Role ¶

type Role struct {
	// contains filtered or unexported fields
}

Role is a set of permitted actions

func WorkspaceRoleFromString ¶

func WorkspaceRoleFromString(role string) (Role, error)

func (Role) IsAllowed ¶

func (r Role) IsAllowed(action Action) bool

func (Role) String ¶

func (r Role) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL