Documentation
Index
- Constants
- Variables
- func Backups(classes ...string) []string
- func Cluster() string
- func Collections(classes ...string) []string
- func CollectionsData(classes ...string) []string
- func CollectionsMetadata(classes ...string) []string
- func Nodes(verbosity string, classes ...string) []string
- func Objects(class, shard string, id strfmt.UUID) string
- func Roles(roles ...string) []string
- func ShardsData(class string, shards ...string) []string
- func ShardsMetadata(class string, shards ...string) []string
- func String(s string) *string
- func Users(users ...string) []string
- type Authorizer
- type Controller
- type DummyAuthorizer
- type Policy
Constants
const (
	// CREATE Represents the action to create a new resource.
	CREATE = "C"
	// READ Represents the action to retrieve a resource.
	READ = "R"
	// UPDATE Represents the action to update an existing resource.
	UPDATE = "U"
	// DELETE Represents the action to delete a resource.
	DELETE = "D"
)
const (
	UsersDomain   = "users"
	RolesDomain   = "roles"
	ClusterDomain = "cluster"
	NodesDomain   = "nodes"
	BackupsDomain = "backups"
	SchemaDomain  = "schema"
	DataDomain    = "data"
)
Variables
var (
	All = String("*")

	AllBackups = &models.PermissionBackups{
		Collection: All,
	}
	AllData = &models.PermissionData{
		Collection: All,
		Tenant:     All,
		Object:     All,
	}
	AllNodes = &models.PermissionNodes{
		Verbosity:  String(verbosity.OutputVerbose),
		Collection: All,
	}
	AllRoles = &models.PermissionRoles{
		Role: All,
	}
	AllCollections = &models.PermissionCollections{
		Collection: All,
		Tenant:     All,
	}

	ComponentName = "RBAC"

	// Note: if a new action is added, don't forget to add it to availableWeaviateActions
	// to be added to built in roles
	// any action has to consist of `{verb}_{domain}` verb: CREATE, READ, UPDATE, DELETE domain: roles, users, cluster, collections, data
	ManageRoles   = "manage_roles"
	ReadRoles     = "read_roles"
	ManageUsers   = "manage_users"
	ReadCluster   = "read_cluster"
	ReadNodes     = "read_nodes"
	ManageBackups = "manage_backups"

	ManageCollections = "manage_collections"
	CreateCollections = "create_collections"
	ReadCollections   = "read_collections"
	UpdateCollections = "update_collections"
	DeleteCollections = "delete_collections"

	ManageData = "manage_data"
	CreateData = "create_data"
	ReadData   = "read_data"
	UpdateData = "update_data"
	DeleteData = "delete_data"
)
var (
	Viewer       = "viewer"
	Admin        = "admin"
	BuiltInRoles = []string{Viewer, Admin}

	// viewer : can view everything, roles, users, schema, data
	// editor : can create/read/update everything, roles, users, schema, data
	// Admin : aka basically super Admin or root
	BuiltInPermissions = map[string][]*models.Permission{
		Viewer: viewerPermissions(),
		Admin:  adminPermissions(),
	}
)
Functions
func Backups
Example outputs:
- "backups/*" if the backend is an empty string
- "backups/{backend}" for the provided backend
func Cluster
func Cluster() string
Cluster returns a string representing the cluster authorization scope. The returned string is "cluster/*", which can be used to specify that the authorization applies to all resources within the cluster.
func Collections
func CollectionsData
func CollectionsMetadata
CollectionsMetadata generates a list of resource strings for the given classes. If no classes are provided, it returns a default resource string "collections/*". Each class is formatted as "collection/{class}".
Parameters:
classes - a variadic parameter representing the class names.
Returns:
A slice of strings representing the resource paths.
func Objects
Objects generates a string representing a path to objects within a collection and shard. The path format varies based on the provided class, shard, and id parameters.
Parameters:
- class: the class of the collection (string)
- shard: the shard identifier (string)
- id: the unique identifier of the object (strfmt.UUID)
Returns:
- A string representing the path to the objects, with wildcards (*) used for any empty parameters.
Example outputs:
- "collections/*/shards/*/objects/*" if all parameters are empty
- "collections/*/shards/*/objects/{id}" if only id is provided
- "collections/{class}/shards/{shard}/objects/{id}" if all parameters are provided
func Roles
Roles generates a list of role resource strings based on the provided role names. If no role names are provided, it returns a default role resource string "roles/*".
Parameters:
roles - A variadic parameter representing the role names.
Returns:
A slice of strings where each string is a formatted role resource string.
func ShardsData
func ShardsMetadata
ShardsMetadata generates a list of shard resource strings for a given class and shards. If the class is an empty string, it defaults to "*". If no shards are provided, it returns a single resource string with a wildcard for shards. If shards are provided, it returns a list of resource strings for each shard.
Parameters:
- class: The class name for the resource. If empty, defaults to "*".
- shards: A variadic list of shard names. If empty, a wildcard is used.
Returns:
A slice of strings representing the resource paths for the given class and shards.
func Users
Users generates a list of user resource strings based on the provided user names. If no user names are provided, it returns a default user resource string "users/*".
Parameters:
users - A variadic parameter representing the user names.
Returns:
A slice of strings where each string is a formatted user resource string.
Types
type Authorizer
type Authorizer interface {
Authorize(principal *models.Principal, verb string, resources ...string) error
}
Authorizer always makes a yes/no decision on a specific resource. Which authorization technique is used in the background (e.g. RBAC, adminlist, ...) is hidden behind this interface.
type Controller
type Controller interface {
	UpsertRolesPermissions(roles map[string][]Policy) error
	GetRoles(names ...string) (map[string][]Policy, error)
	DeleteRoles(roles ...string) error
	AddRolesForUser(user string, roles []string) error
	GetRolesForUser(user string) (map[string][]Policy, error)
	GetUsersForRole(role string) ([]string, error)
	RevokeRolesForUser(user string, roles ...string) error
	RemovePermissions(role string, permissions []*Policy) error
	HasPermission(role string, permission *Policy) (bool, error)
}
type DummyAuthorizer
type DummyAuthorizer struct{}
DummyAuthorizer is a pluggable Authorizer which can be used if no specific authorizer is configured. It allows every auth decision, i.e. it is effectively the same as "no authorization at all".
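An added example, not code from this package: a deny-by-default implementation of the Authorize method shape shown above, next to an allow-all stand-in that behaves the way DummyAuthorizer is described. Principal, Grant, DenyByDefault, AllowAll and the one-segment "*" matching in covers are assumptions made for illustration; the verbs and the resource path format are the ones documented on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// Principal is a local stand-in for models.Principal (assumption).
type Principal struct{ Username string }

// AllowAll behaves as the page describes DummyAuthorizer: every decision is "yes".
type AllowAll struct{}
func (AllowAll) Authorize(*Principal, string, ...string) error { return nil }

// Grant is a hypothetical policy entry; DenyByDefault holds grants per user.
type Grant struct{ Verb, Pattern string }
type DenyByDefault struct{ Grants map[string][]Grant }

// covers compares path segments; "*" in the pattern matches one segment (assumed semantics).
func covers(pattern, resource string) bool {
	p, r := strings.Split(pattern, "/"), strings.Split(resource, "/")
	for i := range p {
		if len(p) != len(r) || (p[i] != "*" && p[i] != r[i]) {
			return false
		}
	}
	return true
}

// Authorize fails closed: no principal, no resources or one uncovered resource is an error.
func (a DenyByDefault) Authorize(pr *Principal, verb string, resources ...string) error {
	if pr == nil || len(resources) == 0 {
		return fmt.Errorf("forbidden: no principal or no resource")
	}
	for _, res := range resources {
		allowed := false
		for _, g := range a.Grants[pr.Username] {
			allowed = allowed || (g.Verb == verb && covers(g.Pattern, res))
		}
		if !allowed {
			return fmt.Errorf("forbidden: %s may not %s %s", pr.Username, verb, res)
		}
	}
	return nil
}

func main() {
	fmt.Println(AllowAll{}.Authorize(nil, "D", "collections/*/shards/*/objects/*")) // <nil>
}
```

A wildcard in the requested resource is only covered by a wildcard in the grant, so a narrow grant never authorizes a broad request.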