Documentation
Index
- type AccessControlEntry
- type AccessControlList
- type AccessControlListsCollection
- type AceExtendedInformation
- type ActionDefinition
- type Client
- type ClientImpl
- func (client *ClientImpl) HasPermissions(ctx context.Context, args HasPermissionsArgs) (*[]bool, error)
- func (client *ClientImpl) HasPermissionsBatch(ctx context.Context, args HasPermissionsBatchArgs) (*PermissionEvaluationBatch, error)
- func (client *ClientImpl) QueryAccessControlLists(ctx context.Context, args QueryAccessControlListsArgs) (*[]AccessControlList, error)
- func (client *ClientImpl) QuerySecurityNamespaces(ctx context.Context, args QuerySecurityNamespacesArgs) (*[]SecurityNamespaceDescription, error)
- func (client *ClientImpl) RemoveAccessControlEntries(ctx context.Context, args RemoveAccessControlEntriesArgs) (*bool, error)
- func (client *ClientImpl) RemoveAccessControlLists(ctx context.Context, args RemoveAccessControlListsArgs) (*bool, error)
- func (client *ClientImpl) RemovePermission(ctx context.Context, args RemovePermissionArgs) (*AccessControlEntry, error)
- func (client *ClientImpl) SetAccessControlEntries(ctx context.Context, args SetAccessControlEntriesArgs) (*[]AccessControlEntry, error)
- func (client *ClientImpl) SetAccessControlLists(ctx context.Context, args SetAccessControlListsArgs) error
- type HasPermissionsArgs
- type HasPermissionsBatchArgs
- type PermissionEvaluation
- type PermissionEvaluationBatch
- type QueryAccessControlListsArgs
- type QuerySecurityNamespacesArgs
- type RemoveAccessControlEntriesArgs
- type RemoveAccessControlListsArgs
- type RemovePermissionArgs
- type SecurityNamespaceDescription
- type SetAccessControlEntriesArgs
- type SetAccessControlListsArgs
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AccessControlEntry
type AccessControlEntry struct {
	// The set of permission bits that represent the actions that the associated descriptor is allowed to perform.
	Allow *int `json:"allow,omitempty"`
	// The set of permission bits that represent the actions that the associated descriptor is not allowed to perform.
	Deny *int `json:"deny,omitempty"`
	// The descriptor for the user this AccessControlEntry applies to.
	Descriptor *string `json:"descriptor,omitempty"`
	// This value, when set, reports the inherited and effective information for the associated descriptor. This value is only set on AccessControlEntries returned by the QueryAccessControlList(s) call when its includeExtendedInfo parameter is set to true.
	ExtendedInfo *AceExtendedInformation `json:"extendedInfo,omitempty"`
}
Class for encapsulating the allowed and denied permissions for a given IdentityDescriptor.
type AccessControlList
type AccessControlList struct {
	// Storage of permissions keyed on the identity the permission is for.
	AcesDictionary *map[string]AccessControlEntry `json:"acesDictionary,omitempty"`
	// True if this ACL holds ACEs that have extended information.
	IncludeExtendedInfo *bool `json:"includeExtendedInfo,omitempty"`
	// True if the given token inherits permissions from parents.
	InheritPermissions *bool `json:"inheritPermissions,omitempty"`
	// The token that this AccessControlList is for.
	Token *string `json:"token,omitempty"`
}
The AccessControlList class is meant to associate a set of AccessControlEntries with a security token and its inheritance settings.
type AccessControlListsCollection
type AccessControlListsCollection struct {
}
A list of AccessControlList. An AccessControlList is meant to associate a set of AccessControlEntries with a security token and its inheritance settings.
type AceExtendedInformation
type AceExtendedInformation struct {
	// This is the combination of all of the explicit and inherited permissions for this identity on this token. These are the permissions used when determining if a given user has permission to perform an action.
	EffectiveAllow *int `json:"effectiveAllow,omitempty"`
	// This is the combination of all of the explicit and inherited permissions for this identity on this token. These are the permissions used when determining if a given user has permission to perform an action.
	EffectiveDeny *int `json:"effectiveDeny,omitempty"`
	// These are the permissions that are inherited for this identity on this token. If the token does not inherit permissions this will be 0. Note that any permissions that have been explicitly set on this token for this identity, or any groups that this identity is a part of, are not included here.
	InheritedAllow *int `json:"inheritedAllow,omitempty"`
	// These are the permissions that are inherited for this identity on this token. If the token does not inherit permissions this will be 0. Note that any permissions that have been explicitly set on this token for this identity, or any groups that this identity is a part of, are not included here.
	InheritedDeny *int `json:"inheritedDeny,omitempty"`
}
Holds the inherited and effective permission information for a given AccessControlEntry.
type ActionDefinition
type ActionDefinition struct {
	// The bit mask integer for this action. Must be a power of 2.
	Bit *int `json:"bit,omitempty"`
	// The localized display name for this action.
	DisplayName *string `json:"displayName,omitempty"`
	// The non-localized name for this action.
	Name *string `json:"name,omitempty"`
	// The namespace that this action belongs to. This will only be used for reading from the database.
	NamespaceId *uuid.UUID `json:"namespaceId,omitempty"`
}
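Added example (not part of the SDK or of this page's original code): decoding an ACE's permission masks into action names using a namespace's ActionDefinition list, and reporting bits that no definition accounts for, as one would when auditing an ACL. The types are local stand-ins carrying only the fields used here, and the action names and bit values are constructed sample data.

```go
package main

import "fmt"

// Local stand-ins with only the fields used here; the SDK is not imported.
type ActionDefinition struct{ Bit *int; Name *string }
type AceExtendedInformation struct{ EffectiveAllow, EffectiveDeny *int }
type AccessControlEntry struct {
	Allow, Deny  *int
	ExtendedInfo *AceExtendedInformation
}

// val dereferences an optional field, treating an omitted value as 0.
func val(p *int) int {
	if p == nil {
		return 0
	}
	return *p
}

// decodeMask names the defined bits of mask and returns the bits left unexplained.
func decodeMask(mask int, actions []ActionDefinition) (names []string, unknown int) {
	unknown = mask
	for _, a := range actions {
		b := val(a.Bit)
		if a.Name == nil || b <= 0 || b&(b-1) != 0 {
			continue // not a power of 2: never let it explain a bit
		}
		if mask&b != 0 {
			names = append(names, *a.Name)
			unknown &^= b
		}
	}
	return names, unknown
}

// auditACE decodes the effective masks when ExtendedInfo is present, else the explicit ones.
func auditACE(ace AccessControlEntry, actions []ActionDefinition) (allow, deny []string, unknown int) {
	a, d := val(ace.Allow), val(ace.Deny)
	if x := ace.ExtendedInfo; x != nil {
		a, d = val(x.EffectiveAllow), val(x.EffectiveDeny)
	}
	allow, ua := decodeMask(a, actions)
	deny, ud := decodeMask(d, actions)
	return allow, deny, ua | ud
}

func ptr[T any](v T) *T { return &v }

func main() {
	// Constructed sample: action names and bit values are illustrative only.
	acts := []ActionDefinition{{ptr(1), ptr("Read")}, {ptr(2), ptr("Write")}, {ptr(4), ptr("Delete")}}
	fmt.Println(auditACE(AccessControlEntry{Allow: ptr(3), Deny: ptr(12)}, acts))
}
```

A non-zero third return value means the ACE carries bits outside the namespace's action list and deserves a closer look before the ACL is trusted or rewritten.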
type Client
type Client interface {
	// [Preview API] Evaluates whether the caller has the specified permissions on the specified set of security tokens.
	HasPermissions(context.Context, HasPermissionsArgs) (*[]bool, error)
	// [Preview API] Evaluates multiple permissions for the calling user. Note: This method does not aggregate the results, nor does it short-circuit if one of the permissions evaluates to false.
	HasPermissionsBatch(context.Context, HasPermissionsBatchArgs) (*PermissionEvaluationBatch, error)
	// [Preview API] Return a list of access control lists for the specified security namespace and token. All ACLs in the security namespace will be retrieved if no optional parameters are provided.
	QueryAccessControlLists(context.Context, QueryAccessControlListsArgs) (*[]AccessControlList, error)
	// [Preview API] List all security namespaces or just the specified namespace.
	QuerySecurityNamespaces(context.Context, QuerySecurityNamespacesArgs) (*[]SecurityNamespaceDescription, error)
	// [Preview API] Remove the specified ACEs from the ACL belonging to the specified token.
	RemoveAccessControlEntries(context.Context, RemoveAccessControlEntriesArgs) (*bool, error)
	// [Preview API] Remove access control lists under the specified security namespace.
	RemoveAccessControlLists(context.Context, RemoveAccessControlListsArgs) (*bool, error)
	// [Preview API] Removes the specified permissions on a security token for a user or group.
	RemovePermission(context.Context, RemovePermissionArgs) (*AccessControlEntry, error)
	// [Preview API] Add or update ACEs in the ACL for the provided token. The request body contains the target token, a list of [ACEs](https://docs.microsoft.com/en-us/rest/api/azure/devops/security/access%20control%20entries/set%20access%20control%20entries?#accesscontrolentry) and an optional merge parameter. In the case of a collision (by identity descriptor) with an existing ACE in the ACL, the "merge" parameter determines the behavior. If set, the existing ACE has its allow and deny merged with the incoming ACE's allow and deny. If unset, the existing ACE is displaced.
	SetAccessControlEntries(context.Context, SetAccessControlEntriesArgs) (*[]AccessControlEntry, error)
	// [Preview API] Create or update one or more access control lists. All data that currently exists for the ACLs supplied will be overwritten.
	SetAccessControlLists(context.Context, SetAccessControlListsArgs) error
}
type ClientImpl
type ClientImpl struct {
	Client azuredevops.Client
}
func (*ClientImpl) HasPermissions
func (client *ClientImpl) HasPermissions(ctx context.Context, args HasPermissionsArgs) (*[]bool, error)
[Preview API] Evaluates whether the caller has the specified permissions on the specified set of security tokens.
func (*ClientImpl) HasPermissionsBatch
func (client *ClientImpl) HasPermissionsBatch(ctx context.Context, args HasPermissionsBatchArgs) (*PermissionEvaluationBatch, error)
[Preview API] Evaluates multiple permissions for the calling user. Note: This method does not aggregate the results, nor does it short-circuit if one of the permissions evaluates to false.
func (*ClientImpl) QueryAccessControlLists
func (client *ClientImpl) QueryAccessControlLists(ctx context.Context, args QueryAccessControlListsArgs) (*[]AccessControlList, error)
[Preview API] Return a list of access control lists for the specified security namespace and token. All ACLs in the security namespace will be retrieved if no optional parameters are provided.
func (*ClientImpl) QuerySecurityNamespaces
func (client *ClientImpl) QuerySecurityNamespaces(ctx context.Context, args QuerySecurityNamespacesArgs) (*[]SecurityNamespaceDescription, error)
[Preview API] List all security namespaces or just the specified namespace.
func (*ClientImpl) RemoveAccessControlEntries
func (client *ClientImpl) RemoveAccessControlEntries(ctx context.Context, args RemoveAccessControlEntriesArgs) (*bool, error)
[Preview API] Remove the specified ACEs from the ACL belonging to the specified token.
func (*ClientImpl) RemoveAccessControlLists
func (client *ClientImpl) RemoveAccessControlLists(ctx context.Context, args RemoveAccessControlListsArgs) (*bool, error)
[Preview API] Remove access control lists under the specified security namespace.
func (*ClientImpl) RemovePermission
func (client *ClientImpl) RemovePermission(ctx context.Context, args RemovePermissionArgs) (*AccessControlEntry, error)
[Preview API] Removes the specified permissions on a security token for a user or group.
func (*ClientImpl) SetAccessControlEntries
func (client *ClientImpl) SetAccessControlEntries(ctx context.Context, args SetAccessControlEntriesArgs) (*[]AccessControlEntry, error)
[Preview API] Add or update ACEs in the ACL for the provided token. The request body contains the target token, a list of [ACEs](https://docs.microsoft.com/en-us/rest/api/azure/devops/security/access%20control%20entries/set%20access%20control%20entries?#accesscontrolentry) and an optional merge parameter. In the case of a collision (by identity descriptor) with an existing ACE in the ACL, the "merge" parameter determines the behavior. If set, the existing ACE has its allow and deny merged with the incoming ACE's allow and deny. If unset, the existing ACE is displaced.
func (*ClientImpl) SetAccessControlLists
func (client *ClientImpl) SetAccessControlLists(ctx context.Context, args SetAccessControlListsArgs) error
[Preview API] Create or update one or more access control lists. All data that currently exists for the ACLs supplied will be overwritten.
type HasPermissionsArgs
type HasPermissionsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) Permissions to evaluate.
	Permissions *int
	// (optional) One or more security tokens to evaluate.
	Tokens *string
	// (optional) If true and if the caller is an administrator, always return true.
	AlwaysAllowAdministrators *bool
	// (optional) Optional security token separator. Defaults to ",".
	Delimiter *string
}
Arguments for the HasPermissions function
type HasPermissionsBatchArgs
type HasPermissionsBatchArgs struct {
	// (required) The set of evaluation requests.
	EvalBatch *PermissionEvaluationBatch
}
Arguments for the HasPermissionsBatch function
type PermissionEvaluation
type PermissionEvaluation struct {
	// Permission bit for this evaluated permission.
	Permissions *int `json:"permissions,omitempty"`
	// Security namespace identifier for this evaluated permission.
	SecurityNamespaceId *uuid.UUID `json:"securityNamespaceId,omitempty"`
	// Security namespace-specific token for this evaluated permission.
	Token *string `json:"token,omitempty"`
	// Permission evaluation value.
	Value *bool `json:"value,omitempty"`
}
Represents an evaluated permission.
type PermissionEvaluationBatch
type PermissionEvaluationBatch struct {
	// True if members of the Administrators group should always pass the security check.
	AlwaysAllowAdministrators *bool `json:"alwaysAllowAdministrators,omitempty"`
	// Array of permission evaluations to evaluate.
	Evaluations *[]PermissionEvaluation `json:"evaluations,omitempty"`
}
Represents a set of evaluated permissions.
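Added example (not part of the SDK or of this page's original code): because HasPermissionsBatch does not aggregate its results, the caller has to combine them, and every field is an optional pointer, so the combination should fail closed. The types are local stand-ins without SecurityNamespaceId; newBatch, allGranted and ptr are hypothetical helper names, the tokens and permission bit are constructed sample data, and the response is built locally instead of coming from the API.

```go
package main

import "fmt"

// Local stand-ins with only the fields used here; the SDK is not imported.
type PermissionEvaluation struct {
	Permissions *int
	Token       *string
	Value       *bool
}
type PermissionEvaluationBatch struct {
	AlwaysAllowAdministrators *bool
	Evaluations               *[]PermissionEvaluation
}

func ptr[T any](v T) *T { return &v }

// newBatch builds a request for one permission bit per token and explicitly
// sets AlwaysAllowAdministrators to false.
func newBatch(bit int, tokens ...string) *PermissionEvaluationBatch {
	evals := make([]PermissionEvaluation, 0, len(tokens))
	for _, tok := range tokens {
		evals = append(evals, PermissionEvaluation{Permissions: ptr(bit), Token: ptr(tok)})
	}
	return &PermissionEvaluationBatch{AlwaysAllowAdministrators: ptr(false), Evaluations: &evals}
}

// allGranted ANDs the results itself, failing closed on a missing response, a
// result count that differs from the request, or an evaluation without a Value.
func allGranted(req, resp *PermissionEvaluationBatch) (ok bool, failed []string) {
	if req == nil || req.Evaluations == nil || resp == nil || resp.Evaluations == nil ||
		len(*req.Evaluations) == 0 || len(*resp.Evaluations) != len(*req.Evaluations) {
		return false, nil
	}
	for _, e := range *resp.Evaluations {
		if e.Value == nil || !*e.Value {
			tok := "<no token>"
			if e.Token != nil {
				tok = *e.Token
			}
			failed = append(failed, tok)
		}
	}
	return len(failed) == 0, failed
}

func main() {
	// Constructed sample: tokens and the permission bit are illustrative only.
	req := newBatch(2, "example/token/a", "example/token/b")
	resp := newBatch(2, "example/token/a", "example/token/b") // stands in for the API response
	(*resp.Evaluations)[0].Value = ptr(true)                  // second Value left unset
	fmt.Println(allGranted(req, resp))
}
```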
type QueryAccessControlListsArgs
type QueryAccessControlListsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) Security token
	Token *string
	// (optional) An optional filter string containing a list of identity descriptors separated by ',' whose ACEs should be retrieved. If this is left null, entire ACLs will be returned.
	Descriptors *string
	// (optional) If true, populate the extended information properties for the access control entries contained in the returned lists.
	IncludeExtendedInfo *bool
	// (optional) If true and this is a hierarchical namespace, return child ACLs of the specified token.
	Recurse *bool
}
Arguments for the QueryAccessControlLists function
type QuerySecurityNamespacesArgs
type QuerySecurityNamespacesArgs struct {
	// (optional) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) If true, retrieve only local security namespaces.
	LocalOnly *bool
}
Arguments for the QuerySecurityNamespaces function
type RemoveAccessControlEntriesArgs
type RemoveAccessControlEntriesArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) The token whose ACL should be modified.
	Token *string
	// (optional) String containing a list of identity descriptors separated by ',' whose entries should be removed.
	Descriptors *string
}
Arguments for the RemoveAccessControlEntries function
type RemoveAccessControlListsArgs
type RemoveAccessControlListsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) One or more comma-separated security tokens
	Tokens *string
	// (optional) If true and this is a hierarchical namespace, also remove child ACLs of the specified tokens.
	Recurse *bool
}
Arguments for the RemoveAccessControlLists function
type RemovePermissionArgs
type RemovePermissionArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (required) Identity descriptor of the user to remove permissions for.
	Descriptor *string
	// (optional) Permissions to remove.
	Permissions *int
	// (optional) Security token to remove permissions for.
	Token *string
}
Arguments for the RemovePermission function
type SecurityNamespaceDescription
type SecurityNamespaceDescription struct {
	// The list of actions that this Security Namespace is responsible for securing.
	Actions *[]ActionDefinition `json:"actions,omitempty"`
	// This is the dataspace category that describes where the security information for this SecurityNamespace should be stored.
	DataspaceCategory *string `json:"dataspaceCategory,omitempty"`
	// The localized name for this namespace.
	DisplayName *string `json:"displayName,omitempty"`
	// If the security tokens this namespace will be operating on need to be split on certain character lengths to determine its elements, that length should be specified here. If not, this value will be -1.
	ElementLength *int `json:"elementLength,omitempty"`
	// This is the type of the extension that should be loaded from the plugins directory for extending this security namespace.
	ExtensionType *string `json:"extensionType,omitempty"`
	// If true, the security namespace is remotable, allowing another service to proxy the namespace.
	IsRemotable *bool `json:"isRemotable,omitempty"`
	// The non-localized name for this namespace.
	Name *string `json:"name,omitempty"`
	// The unique identifier for this namespace.
	NamespaceId *uuid.UUID `json:"namespaceId,omitempty"`
	// The permission bits needed by a user in order to read security data on the Security Namespace.
	ReadPermission *int `json:"readPermission,omitempty"`
	// If the security tokens this namespace will be operating on need to be split on certain characters to determine its elements, that character should be specified here. If not, this value will be the null character.
	SeparatorValue *string `json:"separatorValue,omitempty"`
	// Used to send information about the structure of the security namespace over the web service.
	StructureValue *int `json:"structureValue,omitempty"`
	// The bits reserved by system store
	SystemBitMask *int `json:"systemBitMask,omitempty"`
	// If true, the security service will expect an ISecurityDataspaceTokenTranslator plugin to exist for this namespace
	UseTokenTranslator *bool `json:"useTokenTranslator,omitempty"`
	// The permission bits needed by a user in order to modify security data on the Security Namespace.
	WritePermission *int `json:"writePermission,omitempty"`
}
Class for describing the details of a TeamFoundationSecurityNamespace.
type SetAccessControlEntriesArgs
type SetAccessControlEntriesArgs struct {
	// (required)
	Container interface{}
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
}
Arguments for the SetAccessControlEntries function
type SetAccessControlListsArgs
type SetAccessControlListsArgs struct {
	// (required) A list of ACLs to create or update.
	AccessControlLists *azuredevops.VssJsonCollectionWrapper
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
}
Arguments for the SetAccessControlLists function