role

package

v0.0.0-...-883aa5b Latest Latest Go to latest Published: Dec 16, 2024 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/nais/api

Documentation ¶

Index ¶

func AssignGlobalRoleToServiceAccount(ctx context.Context, serviceAccountID uuid.UUID, roleName rolesql.RoleName) error
func AssignGlobalRoleToUser(ctx context.Context, userID uuid.UUID, roleName rolesql.RoleName) error
func AssignTeamRoleToServiceAccount(ctx context.Context, serviceAccountID uuid.UUID, teamSlug slug.Slug, ...) error
func AssignTeamRoleToUser(ctx context.Context, userID uuid.UUID, teamSlug slug.Slug, ...) error
func NewLoaderContext(ctx context.Context, dbConn *pgxpool.Pool) context.Context
type Authorization
type Role
- func ForServiceAccount(ctx context.Context, serviceAccountID uuid.UUID) ([]*Role, error)
- func ForUser(ctx context.Context, userID uuid.UUID) ([]*Role, error)
type ServiceAccountRoles
type UserRoles

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AssignGlobalRoleToServiceAccount ¶

func AssignGlobalRoleToServiceAccount(ctx context.Context, serviceAccountID uuid.UUID, roleName rolesql.RoleName) error

func AssignGlobalRoleToUser ¶

func AssignGlobalRoleToUser(ctx context.Context, userID uuid.UUID, roleName rolesql.RoleName) error

func AssignTeamRoleToServiceAccount ¶

func AssignTeamRoleToServiceAccount(ctx context.Context, serviceAccountID uuid.UUID, teamSlug slug.Slug, roleName rolesql.RoleName) error

func AssignTeamRoleToUser ¶

func AssignTeamRoleToUser(ctx context.Context, userID uuid.UUID, teamSlug slug.Slug, roleName rolesql.RoleName) error

func NewLoaderContext ¶

func NewLoaderContext(ctx context.Context, dbConn *pgxpool.Pool) context.Context

Types ¶

type Authorization ¶

type Authorization string

const (
	AuthorizationActivityLogsRead      Authorization = "activity_logs:read"
	AuthorizationServiceAccountsCreate Authorization = "service_accounts:create"
	AuthorizationServiceAccountsDelete Authorization = "service_accounts:delete"
	AuthorizationServiceAccountsRead   Authorization = "service_accounts:read"
	AuthorizationServiceAccountsUpdate Authorization = "service_accounts:update"
	AuthorizationTeamsCreate           Authorization = "teams:create"
	AuthorizationTeamsDelete           Authorization = "teams:delete"
	AuthorizationTeamsList             Authorization = "teams:list"
	AuthorizationTeamsRead             Authorization = "teams:read"
	AuthorizationTeamsMetadataUpdate   Authorization = "teams:metadata:update"
	AuthorizationTeamsMembersAdmin     Authorization = "teams:members:admin"
	AuthorizationSecretsCreate         Authorization = "teams:secrets:create"
	AuthorizationSecretsDelete         Authorization = "teams:secrets:delete"
	AuthorizationSecretsUpdate         Authorization = "teams:secrets:update"
	AuthorizationSecretsRead           Authorization = "teams:secrets:read"
	AuthorizationSecretsList           Authorization = "teams:secrets:list"
	AuthorizationRepositoriesCreate    Authorization = "repositories:create"
	AuthorizationRepositoriesDelete    Authorization = "repositories:delete"
	AuthorizationApplicationsUpdate    Authorization = "applications:update"
	AuthorizationApplicationsDelete    Authorization = "applications:delete"
	AuthorizationJobsUpdate            Authorization = "jobs:update"
	AuthorizationJobsDelete            Authorization = "jobs:delete"
	AuthorizationUsersList             Authorization = "users:list"
	AuthorizationTeamsSynchronize      Authorization = "teams:synchronize"
	AuthorizationUsersyncSynchronize   Authorization = "usersync:synchronize"
	AuthorizationDeployKeyRead         Authorization = "deploy_key:read"
	AuthorizationDeployKeyUpdate       Authorization = "deploy_key:update"
	AuthorizationUnleashCreate         Authorization = "unleash:create"
	AuthorizationUnleashUpdate         Authorization = "unleash:update"
)

type Role ¶

type Role struct {
	Name                   rolesql.RoleName `json:"role_name"`
	TargetTeamSlug         *slug.Slug       `json:"target_team_slug"`
	TargetServiceAccountID *uuid.UUID       `json:"target_service_account_id"`
}

func ForServiceAccount ¶

func ForServiceAccount(ctx context.Context, serviceAccountID uuid.UUID) ([]*Role, error)

func ForUser ¶

func ForUser(ctx context.Context, userID uuid.UUID) ([]*Role, error)

func (*Role) Authorizations ¶

func (r *Role) Authorizations() ([]Authorization, error)

Authorizations returns the authorizations for the role.

func (*Role) IsGlobal ¶

func (r *Role) IsGlobal() bool

IsGlobal checks if the role is globally assigned.

func (*Role) TargetsServiceAccount ¶

func (r *Role) TargetsServiceAccount(targetServiceAccountID uuid.UUID) bool

TargetsServiceAccount checks if the role targets a specific service account.

func (*Role) TargetsTeam ¶

func (r *Role) TargetsTeam(targetsTeamSlug slug.Slug) bool

TargetsTeam checks if the role targets a specific team.

type ServiceAccountRoles ¶

type ServiceAccountRoles struct {
	ServiceAccountID uuid.UUID
	Roles            []*Role
}

type UserRoles ¶

type UserRoles struct {
	UserID uuid.UUID
	Roles  []*Role
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
rolesql

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL