security

package
v7.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 17, 2023 License: MIT Imports: 8 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessControlEntry

// AccessControlEntry carries the allow and deny permission bits recorded for one identity descriptor.
// Every field is a pointer tagged omitempty: under encoding/json a nil field is left out of the
// encoding, while a non-nil pointer to 0 is still written, so "not set" and "no bits" are distinct.
type AccessControlEntry struct {
	// The set of permission bits that represent the actions that the associated descriptor is allowed to perform.
	// NOTE(review): how a bit present in both Allow and Deny is resolved is not stated here — confirm against the service documentation before relying on either mask alone.
	Allow *int `json:"allow,omitempty"`
	// The set of permission bits that represent the actions that the associated descriptor is not allowed to perform.
	Deny *int `json:"deny,omitempty"`
	// The descriptor for the user this AccessControlEntry applies to.
	// NOTE(review): Client.RemovePermission is documented as acting on "a user or group", so this is presumably any identity descriptor, not only a user — confirm.
	Descriptor *string `json:"descriptor,omitempty"`
	// This value, when set, reports the inherited and effective information for the associated descriptor. This value is only set on AccessControlEntries returned by the QueryAccessControlList(s) call when its includeExtendedInfo parameter is set to true.
	// Without it, Allow and Deny are the only masks available on this entry; the effective and inherited masks live in AceExtendedInformation.
	ExtendedInfo *AceExtendedInformation `json:"extendedInfo,omitempty"`
}

Class for encapsulating the allowed and denied permissions for a given IdentityDescriptor.

type AccessControlList

// AccessControlList associates a set of AccessControlEntry values with one security token and that token's inheritance setting.
type AccessControlList struct {
	// Storage of permissions keyed on the identity the permission is for.
	// NOTE(review): the map key is presumably the identity descriptor string — confirm.
	AcesDictionary *map[string]AccessControlEntry `json:"acesDictionary,omitempty"`
	// True if this ACL holds ACEs that have extended information.
	IncludeExtendedInfo *bool `json:"includeExtendedInfo,omitempty"`
	// True if the given token inherits permissions from parents.
	// When this is true, the entries stored on this ACL are not the whole picture for the token: inherited masks are reported per entry in AceExtendedInformation.
	InheritPermissions *bool `json:"inheritPermissions,omitempty"`
	// The token that this AccessControlList is for.
	Token *string `json:"token,omitempty"`
}

The AccessControlList class is meant to associate a set of AccessControlEntries with a security token and its inheritance settings.

type AccessControlListsCollection

// AccessControlListsCollection is described as a list of AccessControlList, but it declares no fields in this version of the package.
type AccessControlListsCollection struct {
}

A list of AccessControlList. An AccessControlList is meant to associate a set of AccessControlEntries with a security token and its inheritance settings.

type AceExtendedInformation

// AceExtendedInformation holds the inherited and effective permission masks for one AccessControlEntry.
// The effective masks, not the entry's own Allow and Deny, are described as the values used for the permission decision.
type AceExtendedInformation struct {
	// The combination of all of the explicit and inherited allow bits for this identity on this token. The effective permissions are the ones used when determining if a given user has permission to perform an action.
	EffectiveAllow *int `json:"effectiveAllow,omitempty"`
	// The combination of all of the explicit and inherited deny bits for this identity on this token. The effective permissions are the ones used when determining if a given user has permission to perform an action.
	EffectiveDeny *int `json:"effectiveDeny,omitempty"`
	// The allow bits that are inherited for this identity on this token. If the token does not inherit permissions this will be 0. Permissions that have been explicitly set on this token for this identity, or for any groups that this identity is a part of, are not included here.
	InheritedAllow *int `json:"inheritedAllow,omitempty"`
	// The deny bits that are inherited for this identity on this token. If the token does not inherit permissions this will be 0. Permissions that have been explicitly set on this token for this identity, or for any groups that this identity is a part of, are not included here.
	InheritedDeny *int `json:"inheritedDeny,omitempty"`
}

Holds the inherited and effective permission information for a given AccessControlEntry.

type ActionDefinition

// ActionDefinition describes one action of a security namespace: its permission bit and its names.
// SecurityNamespaceDescription.Actions holds a list of these.
type ActionDefinition struct {
	// The bit mask integer for this action. Must be a power of 2.
	// A power of 2 has exactly one bit set; presumably these are the bits combined into the Allow and Deny masks — confirm.
	Bit *int `json:"bit,omitempty"`
	// The localized display name for this action.
	DisplayName *string `json:"displayName,omitempty"`
	// The non-localized name for this action.
	Name *string `json:"name,omitempty"`
	// The namespace that this action belongs to.  This will only be used for reading from the database.
	NamespaceId *uuid.UUID `json:"namespaceId,omitempty"`
}

type Client

// Client is the set of security operations exposed by this package: permission checks,
// ACL and namespace queries, and ACL/ACE changes. Every method is marked as a preview API.
// The Remove* and Set* methods change access control data on the service; the rest read it.
type Client interface {
	// [Preview API] Evaluates whether the caller has the specified permissions on the specified set of security tokens.
	HasPermissions(context.Context, HasPermissionsArgs) (*[]bool, error)
	// [Preview API] Evaluates multiple permissions for the calling user.  Note: This method does not aggregate the results, nor does it short-circuit if one of the permissions evaluates to false.
	// Callers therefore have to inspect each returned evaluation themselves.
	HasPermissionsBatch(context.Context, HasPermissionsBatchArgs) (*PermissionEvaluationBatch, error)
	// [Preview API] Return a list of access control lists for the specified security namespace and token. All ACLs in the security namespace will be retrieved if no optional parameters are provided.
	QueryAccessControlLists(context.Context, QueryAccessControlListsArgs) (*[]AccessControlList, error)
	// [Preview API] List all security namespaces or just the specified namespace.
	QuerySecurityNamespaces(context.Context, QuerySecurityNamespacesArgs) (*[]SecurityNamespaceDescription, error)
	// [Preview API] Remove the specified ACEs from the ACL belonging to the specified token.
	RemoveAccessControlEntries(context.Context, RemoveAccessControlEntriesArgs) (*bool, error)
	// [Preview API] Remove access control lists under the specified security namespace.
	RemoveAccessControlLists(context.Context, RemoveAccessControlListsArgs) (*bool, error)
	// [Preview API] Removes the specified permissions on a security token for a user or group.
	RemovePermission(context.Context, RemovePermissionArgs) (*AccessControlEntry, error)
	// [Preview API] Add or update ACEs in the ACL for the provided token. The request body contains the target token, a list of [ACEs](https://docs.microsoft.com/en-us/rest/api/azure/devops/security/access%20control%20entries/set%20access%20control%20entries?#accesscontrolentry) and an optional merge parameter. In the case of a collision (by identity descriptor) with an existing ACE in the ACL, the "merge" parameter determines the behavior. If set, the existing ACE has its allow and deny merged with the incoming ACE's allow and deny. If unset, the existing ACE is displaced.
	SetAccessControlEntries(context.Context, SetAccessControlEntriesArgs) (*[]AccessControlEntry, error)
	// [Preview API] Create or update one or more access control lists. All data that currently exists for the ACLs supplied will be overwritten.
	// There is no merge option on this call, so an ACL supplied here replaces the stored one.
	SetAccessControlLists(context.Context, SetAccessControlListsArgs) error
}

func NewClient

func NewClient(ctx context.Context, connection *azuredevops.Connection) Client

type ClientImpl

// ClientImpl is the concrete type whose methods match the Client interface.
type ClientImpl struct {
	// The underlying azuredevops.Client; presumably the transport the methods send their requests through — confirm.
	Client azuredevops.Client
}

func (*ClientImpl) HasPermissions

func (client *ClientImpl) HasPermissions(ctx context.Context, args HasPermissionsArgs) (*[]bool, error)

[Preview API] Evaluates whether the caller has the specified permissions on the specified set of security tokens.

func (*ClientImpl) HasPermissionsBatch

func (client *ClientImpl) HasPermissionsBatch(ctx context.Context, args HasPermissionsBatchArgs) (*PermissionEvaluationBatch, error)

[Preview API] Evaluates multiple permissions for the calling user. Note: This method does not aggregate the results, nor does it short-circuit if one of the permissions evaluates to false.

func (*ClientImpl) QueryAccessControlLists

func (client *ClientImpl) QueryAccessControlLists(ctx context.Context, args QueryAccessControlListsArgs) (*[]AccessControlList, error)

[Preview API] Return a list of access control lists for the specified security namespace and token. All ACLs in the security namespace will be retrieved if no optional parameters are provided.

func (*ClientImpl) QuerySecurityNamespaces

func (client *ClientImpl) QuerySecurityNamespaces(ctx context.Context, args QuerySecurityNamespacesArgs) (*[]SecurityNamespaceDescription, error)

[Preview API] List all security namespaces or just the specified namespace.

func (*ClientImpl) RemoveAccessControlEntries

func (client *ClientImpl) RemoveAccessControlEntries(ctx context.Context, args RemoveAccessControlEntriesArgs) (*bool, error)

[Preview API] Remove the specified ACEs from the ACL belonging to the specified token.

func (*ClientImpl) RemoveAccessControlLists

func (client *ClientImpl) RemoveAccessControlLists(ctx context.Context, args RemoveAccessControlListsArgs) (*bool, error)

[Preview API] Remove access control lists under the specified security namespace.

func (*ClientImpl) RemovePermission

func (client *ClientImpl) RemovePermission(ctx context.Context, args RemovePermissionArgs) (*AccessControlEntry, error)

[Preview API] Removes the specified permissions on a security token for a user or group.

func (*ClientImpl) SetAccessControlEntries

func (client *ClientImpl) SetAccessControlEntries(ctx context.Context, args SetAccessControlEntriesArgs) (*[]AccessControlEntry, error)

[Preview API] Add or update ACEs in the ACL for the provided token. The request body contains the target token, a list of [ACEs](https://docs.microsoft.com/en-us/rest/api/azure/devops/security/access%20control%20entries/set%20access%20control%20entries?#accesscontrolentry) and an optional merge parameter. In the case of a collision (by identity descriptor) with an existing ACE in the ACL, the "merge" parameter determines the behavior. If set, the existing ACE has its allow and deny merged with the incoming ACE's allow and deny. If unset, the existing ACE is displaced.

func (*ClientImpl) SetAccessControlLists

func (client *ClientImpl) SetAccessControlLists(ctx context.Context, args SetAccessControlListsArgs) error

[Preview API] Create or update one or more access control lists. All data that currently exists for the ACLs supplied will be overwritten.

type HasPermissionsArgs

// HasPermissionsArgs holds the arguments for the HasPermissions function.
type HasPermissionsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) Permissions to evaluate.
	Permissions *int
	// (optional) One or more security tokens to evaluate.
	// NOTE(review): several tokens are presumably joined into this one string with Delimiter; a token that itself contains the delimiter would then be read as more than one token — confirm.
	Tokens *string
	// (optional) If true and if the caller is an administrator, always return true.
	// With this set, a true result for an administrator does not show that an ACL grants the permission; leave it unset when the result is used to audit what the ACLs actually grant.
	AlwaysAllowAdministrators *bool
	// (optional) Optional security token separator. Defaults to ",".
	Delimiter *string
}

Arguments for the HasPermissions function

type HasPermissionsBatchArgs

// HasPermissionsBatchArgs holds the arguments for the HasPermissionsBatch function.
type HasPermissionsBatchArgs struct {
	// (required) The set of evaluation requests.
	// HasPermissionsBatch also returns a *PermissionEvaluationBatch, so the same type is used for the request and the result.
	EvalBatch *PermissionEvaluationBatch
}

Arguments for the HasPermissionsBatch function

type PermissionEvaluation

// PermissionEvaluation represents one evaluated permission: a permission mask, the namespace and token it was checked on, and the outcome.
type PermissionEvaluation struct {
	// Permission bit for this evaluated permission.
	Permissions *int `json:"permissions,omitempty"`
	// Security namespace identifier for this evaluated permission.
	SecurityNamespaceId *uuid.UUID `json:"securityNamespaceId,omitempty"`
	// Security namespace-specific token for this evaluated permission.
	Token *string `json:"token,omitempty"`
	// Permission evaluation value.
	// NOTE(review): presumably filled in by the service in the returned batch and nil on a request; a nil Value should not be read as either allowed or denied — confirm.
	Value *bool `json:"value,omitempty"`
}

Represents an evaluated permission.

type PermissionEvaluationBatch

// PermissionEvaluationBatch represents a set of evaluated permissions; it is both the argument and the result type of HasPermissionsBatch.
type PermissionEvaluationBatch struct {
	// True if members of the Administrators group should always pass the security check.
	// With this set, a passing evaluation for an administrator does not show that an ACL grants the permission.
	AlwaysAllowAdministrators *bool `json:"alwaysAllowAdministrators,omitempty"`
	// Array of permission evaluations to evaluate.
	// Client.HasPermissionsBatch is documented as neither aggregating nor short-circuiting, so each element carries its own result.
	Evaluations *[]PermissionEvaluation `json:"evaluations,omitempty"`
}

Represents a set of evaluated permissions.

type QueryAccessControlListsArgs

// QueryAccessControlListsArgs holds the arguments for the QueryAccessControlLists function.
// Per the Client documentation, all ACLs in the security namespace are retrieved when none of the optional fields is set.
type QueryAccessControlListsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) Security token
	Token *string
	// (optional) An optional filter string containing a list of identity descriptors separated by ',' whose ACEs should be retrieved. If this is left null, entire ACLs will be returned.
	Descriptors *string
	// (optional) If true, populate the extended information properties for the access control entries contained in the returned lists.
	// AccessControlEntry.ExtendedInfo is only set on returned entries when this is true.
	IncludeExtendedInfo *bool
	// (optional) If true and this is a hierarchical namespace, return child ACLs of the specified token.
	Recurse *bool
}

Arguments for the QueryAccessControlLists function

type QuerySecurityNamespacesArgs

// QuerySecurityNamespacesArgs holds the arguments for the QuerySecurityNamespaces function.
type QuerySecurityNamespacesArgs struct {
	// (optional) Security namespace identifier.
	// Per the Client documentation the call lists all security namespaces or just the specified one, so leaving this nil presumably selects all of them — confirm.
	SecurityNamespaceId *uuid.UUID
	// (optional) If true, retrieve only local security namespaces.
	LocalOnly *bool
}

Arguments for the QuerySecurityNamespaces function

type RemoveAccessControlEntriesArgs

// RemoveAccessControlEntriesArgs holds the arguments for the RemoveAccessControlEntries function, which removes ACEs from the ACL of one token.
type RemoveAccessControlEntriesArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) The token whose ACL should be modified.
	// NOTE(review): the page does not say what is modified when Token is nil — confirm before calling with only the namespace set.
	Token *string
	// (optional) String containing a list of identity descriptors separated by ',' whose entries should be removed.
	// NOTE(review): the page does not say what is removed when Descriptors is nil — confirm.
	Descriptors *string
}

Arguments for the RemoveAccessControlEntries function

type RemoveAccessControlListsArgs

// RemoveAccessControlListsArgs holds the arguments for the RemoveAccessControlLists function, which removes ACLs under a security namespace.
type RemoveAccessControlListsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) One or more comma-separated security tokens
	// NOTE(review): the page does not say which ACLs are removed when Tokens is nil — confirm before calling with only the namespace set.
	Tokens *string
	// (optional) If true and this is a hierarchical namespace, also remove child ACLs of the specified tokens.
	// Setting this widens the removal from the named tokens to everything below them in the hierarchy.
	Recurse *bool
}

Arguments for the RemoveAccessControlLists function

type RemovePermissionArgs

// RemovePermissionArgs holds the arguments for the RemovePermission function, which removes permissions on a security token for a user or group.
type RemovePermissionArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (required) Identity descriptor of the user to remove permissions for.
	// Client.RemovePermission is documented as applying to "a user or group", so a group descriptor is presumably accepted too — confirm.
	Descriptor *string
	// (optional) Permissions to remove.
	// NOTE(review): the page does not say which permissions are removed when this is nil — confirm.
	Permissions *int
	// (optional) Security token to remove permissions for.
	Token *string
}

Arguments for the RemovePermission function

type SecurityNamespaceDescription

// SecurityNamespaceDescription describes one security namespace: the actions it secures, how its tokens are structured, and the permission bits needed to read or modify its security data.
type SecurityNamespaceDescription struct {
	// The list of actions that this Security Namespace is responsible for securing.
	Actions *[]ActionDefinition `json:"actions,omitempty"`
	// This is the dataspace category that describes where the security information for this SecurityNamespace should be stored.
	DataspaceCategory *string `json:"dataspaceCategory,omitempty"`
	// The localized name for this namespace.
	DisplayName *string `json:"displayName,omitempty"`
	// If the security tokens this namespace will be operating on need to be split on certain character lengths to determine its elements, that length should be specified here. If not, this value will be -1.
	ElementLength *int `json:"elementLength,omitempty"`
	// This is the type of the extension that should be loaded from the plugins directory for extending this security namespace.
	ExtensionType *string `json:"extensionType,omitempty"`
	// If true, the security namespace is remotable, allowing another service to proxy the namespace.
	IsRemotable *bool `json:"isRemotable,omitempty"`
	// The non-localized name for this namespace.
	Name *string `json:"name,omitempty"`
	// The unique identifier for this namespace.
	NamespaceId *uuid.UUID `json:"namespaceId,omitempty"`
	// The permission bits needed by a user in order to read security data on the Security Namespace.
	ReadPermission *int `json:"readPermission,omitempty"`
	// If the security tokens this namespace will be operating on need to be split on certain characters to determine its elements that character should be specified here. If not, this value will be the null character.
	SeparatorValue *string `json:"separatorValue,omitempty"`
	// Used to send information about the structure of the security namespace over the web service.
	StructureValue *int `json:"structureValue,omitempty"`
	// The bits reserved by system store
	SystemBitMask *int `json:"systemBitMask,omitempty"`
	// If true, the security service will expect an ISecurityDataspaceTokenTranslator plugin to exist for this namespace
	UseTokenTranslator *bool `json:"useTokenTranslator,omitempty"`
	// The permission bits needed by a user in order to modify security data on the Security Namespace.
	// Holders of these bits can change the namespace's ACLs, so they are the ones to look for when reviewing who can alter permissions.
	WritePermission *int `json:"writePermission,omitempty"`
}

Class for describing the details of a TeamFoundationSecurityNamespace.

type SetAccessControlEntriesArgs

// SetAccessControlEntriesArgs holds the arguments for the SetAccessControlEntries function, which adds or updates ACEs in the ACL of one token.
type SetAccessControlEntriesArgs struct {
	// (required)
	// NOTE(review): untyped; presumably the request body that the Client documentation describes (target token, list of ACEs, optional merge parameter) — confirm the expected shape.
	// Per that documentation, when merge is unset an incoming ACE displaces the existing ACE for the same identity descriptor instead of being merged with it.
	Container interface{}
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
}

Arguments for the SetAccessControlEntries function

type SetAccessControlListsArgs

// SetAccessControlListsArgs holds the arguments for the SetAccessControlLists function.
// Per the Client documentation, all data that currently exists for the supplied ACLs is overwritten.
type SetAccessControlListsArgs struct {
	// (required) A list of ACLs to create or update.
	// Entries left out of a supplied ACL are therefore presumably dropped from the stored one; query the current ACL first when only part of it should change — confirm.
	AccessControlLists *azuredevops.VssJsonCollectionWrapper
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
}

Arguments for the SetAccessControlLists function
