Documentation ¶
Constants ¶
const (
	// Prefix for all built-in roles.
	Prefix = string("os:")

	// Admin defines Talos role for admins (every API is available).
	Admin = Role(Prefix + "admin")

	// Operator defines Talos role for operators (Reader + management APIs which do not allow secret access, e.g. rebooting a node).
	Operator = Role(Prefix + "operator")

	// Reader defines Talos role for readers who can access read-only APIs that do not expose secrets.
	Reader = Role(Prefix + "reader")

	// EtcdBackup defines Talos role that allows making etcd backups.
	EtcdBackup = Role(Prefix + "etcd:backup")

	// Impersonator defines Talos role for impersonating another user (and their role).
	// Used internally, but may also be granted to the user.
	Impersonator = Role(Prefix + "impersonator")
)
Variables ¶
var (
	// All roles that can be granted to users.
	All = MakeSet(Admin, Operator, Reader, EtcdBackup, Impersonator)

	// Zero is an empty set of roles.
	Zero = MakeSet()
)
Functions ¶
This section is empty.
Types ¶
type Role ¶
type Role string
Role represents a Talos user role. Its string value is used everywhere: as the Organization value of the Talos client certificate, as the value of a talosctl flag, etc.
type Set ¶
type Set struct {
// contains filtered or unexported fields
}
Set represents a set of roles.
func Parse ¶
Parse parses a set of roles. The returned set is always non-nil and contains all roles, including unknown (for compatibility with future versions). The returned slice contains roles unknown to the current version.
func (Set) IncludesAny ¶
IncludesAny returns true if there is a non-empty intersection between sets.
Returns false if any set is empty.
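An added sketch (not code from the Talos project) of how the semantics documented above combine in an authorization check: roles arrive as the client certificate's Organization values, unknown roles are kept in the set but reported, and an empty set on either side denies. The names `authorize`, `parse`, `includesAny`, `builtin` and the role `os:future` are hypothetical stand-ins; the package's real signatures are not shown on this page.

```go
package main

import (
	"crypto/x509/pkix"
	"fmt"
)

// Role and Set are local stand-ins mirroring the documented semantics (assumptions, not Talos code).
type Role string
type Set map[Role]struct{}

// Built-in role strings as listed in the Constants section.
var builtin = Set{"os:admin": {}, "os:operator": {}, "os:reader": {}, "os:etcd:backup": {}, "os:impersonator": {}}

// parse keeps every role, known or not, and separately reports the unknown ones.
func parse(strs []string) (Set, []string) {
	s, unknown := Set{}, []string(nil)
	for _, str := range strs {
		if _, ok := builtin[Role(str)]; !ok {
			unknown = append(unknown, str)
		}
		s[Role(str)] = struct{}{}
	}
	return s, unknown
}

// includesAny is true only for a non-empty intersection; an empty set on either side gives false.
func (s Set) includesAny(other Set) bool {
	for r := range other {
		if _, ok := s[r]; ok {
			return true
		}
	}
	return false
}

// authorize takes the Organization values of a client certificate subject
// and checks them against the roles an API method accepts.
func authorize(orgs []string, accepted Set) (bool, []string) {
	granted, unknown := parse(orgs)
	return granted.includesAny(accepted), unknown
}

func main() {
	// Constructed subject: one built-in role plus one from a hypothetical future version.
	subject := pkix.Name{Organization: []string{"os:reader", "os:future"}}
	fmt.Println(authorize(subject.Organization, Set{"os:admin": {}, "os:reader": {}}))
}
```

An unknown role survives parsing but can only match if the accepted set names it explicitly, so logging the returned unknown slice is the place to notice certificates issued for a newer version.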