Documentation ¶
Index ¶
Constants ¶
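const (
	// APIEntFullID is the API entitlement identifier. A complete API
	// entitlement value has the format
	// "api.access:api-id:subset:[allow|deny]", for example
	// "api.access:engine.v1_35.swarm:all:allow".
	APIEntFullID = "api.access"

	// APIFullControl is the subset value that specifies access control for
	// the whole API (the "all" field in the example above).
	APIFullControl = "all"
)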
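const (
	// EngineAPI defines the Moby-Engine API.
	EngineAPI = "engine"

	// SwarmAPI defines the Moby-Engine Swarm API.
	SwarmAPI = "swarm"

	// EngineAPIVersion is the Moby-Engine API version, written with an
	// underscore in place of the dot.
	//
	// NOTE(review): the version is a fixed string. Confirm how API
	// identifiers built from it are matched when the engine serves a
	// different API version, so that an access rule is not silently skipped.
	EngineAPIVersion = "v1_35"
)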
Default known APIs and API subsets whose access can be controlled
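// Identifiers of the default host entitlements. Each one is the domain prefix
// (hostDevicesDomain or hostProcessesDomain, declared elsewhere in the
// package) followed by the entitlement name.
const (
	// HostDevicesNoneEntFullID is the ID for the host.devices.none entitlement.
	HostDevicesNoneEntFullID = hostDevicesDomain + ".none"

	// HostDevicesViewEntFullID is the ID for the host.devices.view entitlement.
	HostDevicesViewEntFullID = hostDevicesDomain + ".view"

	// HostDevicesAdminEntFullID is the ID for the host.devices.admin entitlement.
	HostDevicesAdminEntFullID = hostDevicesDomain + ".admin"

	// HostProcessesNoneEntFullID is the ID for the host.processes.none entitlement.
	HostProcessesNoneEntFullID = hostProcessesDomain + ".none"

	// HostProcessesAdminEntFullID is the ID for the host.processes.admin entitlement.
	HostProcessesAdminEntFullID = hostProcessesDomain + ".admin"
)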
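// Identifiers of the default network entitlements. Each one is networkDomain
// (declared elsewhere in the package) followed by the entitlement name.
const (
	// NetworkNoneEntFullID is the ID for the network.none entitlement.
	NetworkNoneEntFullID = networkDomain + ".none"

	// NetworkUserEntFullID is the ID for the network.user entitlement.
	NetworkUserEntFullID = networkDomain + ".user"

	// NetworkProxyEntFullID is the ID for the network.proxy entitlement.
	NetworkProxyEntFullID = networkDomain + ".proxy"

	// NetworkAdminEntFullID is the ID for the network.admin entitlement.
	NetworkAdminEntFullID = networkDomain + ".admin"
)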
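// Identifiers of the default security entitlements. Each one is securityDomain
// (declared elsewhere in the package) followed by the entitlement name.
const (
	// SecurityConfinedEntFullID is the ID for the security.confined entitlement.
	SecurityConfinedEntFullID = securityDomain + ".confined"

	// SecurityViewEntFullID is the ID for the security.view entitlement.
	SecurityViewEntFullID = securityDomain + ".view"

	// SecurityAdminEntFullID is the ID for the security.admin entitlement.
	SecurityAdminEntFullID = securityDomain + ".admin"

	// SecurityMemoryLockFullID is the ID for the security.memory-lock entitlement.
	SecurityMemoryLockFullID = securityDomain + ".memory-lock"
)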
Variables ¶
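// DefaultEntitlements maps each default entitlement ID to its pre-defined
// entitlement, to be consumed by default from libentitlement.
//
// NOTE(review): this is an exported, mutable package-level map, so any
// importer can add, replace or delete entries at run time. Prefer
// GetDefaultEntitlement, which is documented to return a copy, over indexing
// the map directly, and confirm that no caller mutates it after start-up.
var DefaultEntitlements = map[string]entitlement.Entitlement{
	NetworkNoneEntFullID:        entitlement.Entitlement(networkNoneEntitlement),
	NetworkUserEntFullID:        entitlement.Entitlement(networkUserEntitlement),
	NetworkProxyEntFullID:       entitlement.Entitlement(networkProxyEntitlement),
	NetworkAdminEntFullID:       entitlement.Entitlement(networkAdminEntitlement),
	SecurityConfinedEntFullID:   entitlement.Entitlement(securityConfinedEntitlement),
	SecurityViewEntFullID:       entitlement.Entitlement(securityViewEntitlement),
	SecurityAdminEntFullID:      entitlement.Entitlement(securityAdminEntitlement),
	SecurityMemoryLockFullID:    entitlement.Entitlement(securityMemoryLockEntitlement),
	HostDevicesNoneEntFullID:    entitlement.Entitlement(hostDevicesNoneEntitlement),
	HostDevicesViewEntFullID:    entitlement.Entitlement(hostDevicesViewEntitlement),
	HostDevicesAdminEntFullID:   entitlement.Entitlement(hostDevicesAdminEntitlement),
	HostProcessesNoneEntFullID:  entitlement.Entitlement(hostProcessesNoneEntitlement),
	HostProcessesAdminEntFullID: entitlement.Entitlement(hostProcessesAdminEntitlement),
	APIEntFullID:                entitlement.Entitlement(apiEntitlement),
}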
DefaultEntitlements are the pre-defined entitlements to be consumed by default from libentitlement
Functions ¶
func GetDefaultEntitlement ¶
func GetDefaultEntitlement(entFullID string) (entitlement.Entitlement, bool)
GetDefaultEntitlement returns a copy of the default entitlement registered under entFullID (first return value) and reports whether it is present (second return value)
func GetSwarmAPIIdentifier ¶
func GetSwarmAPIIdentifier() secprofile.APIID
GetSwarmAPIIdentifier returns the full Swarm API identifier
func IsSwarmAPIControlled ¶
func IsSwarmAPIControlled(profile secprofile.Profile) (isControlled bool, access secprofile.APIAccess, err error)
IsSwarmAPIControlled checks whether the Moby Swarm API is controlled by the given profile and, if so, whether access to it is allowed or denied
- The return values are the following:
- isControlled - if no error is encountered, whether the Swarm API is currently controlled by the entitlements
- access - if the Swarm API is currently controlled, the allow/deny access requested; it carries no meaning when isControlled is false
- err - the error returned if an issue is encountered; check it before relying on the other two values
Types ¶
This section is empty.