authz

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 16, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	GroupMembership_RoleProviderType_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "FILE",
		2: "GOOGLE",
		3: "GITHUB",
		4: "LDAP",
	}
	GroupMembership_RoleProviderType_value = map[string]int32{
		"UNSPECIFIED": 0,
		"FILE":        1,
		"GOOGLE":      2,
		"GITHUB":      3,
		"LDAP":        4,
	}
)

Enum value maps for GroupMembership_RoleProviderType.

View Source 
var File_security_authz_authz_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Authorization 

type Authorization struct {

	// Whether Spinnaker's role-based authorization is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// Configuration role providers that map users to groups.
	GroupMembership *GroupMembership `protobuf:"bytes,2,opt,name=groupMembership,proto3" json:"groupMembership,omitempty"`
	// contains filtered or unexported fields
}

Configuration for what resources users of Spinnaker can read and modify.

func (*Authorization) Descriptor deprecated 

func (*Authorization) Descriptor() ([]byte, []int)

Deprecated: Use Authorization.ProtoReflect.Descriptor instead.

func (*Authorization) GetEnabled 

func (x *Authorization) GetEnabled() *wrapperspb.BoolValue

func (*Authorization) GetGroupMembership 

func (x *Authorization) GetGroupMembership() *GroupMembership

func (*Authorization) ProtoMessage 

func (*Authorization) ProtoMessage()

func (*Authorization) ProtoReflect 

func (x *Authorization) ProtoReflect() protoreflect.Message

func (*Authorization) Reset 

func (x *Authorization) Reset()

func (*Authorization) String 

func (x *Authorization) String() string

type FileRoleProvider 

type FileRoleProvider struct {

	// A path to a file describing the roles of each user.
	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
	// contains filtered or unexported fields
}

Configuration for the file-based role provider.

func (*FileRoleProvider) Descriptor deprecated 

func (*FileRoleProvider) Descriptor() ([]byte, []int)

Deprecated: Use FileRoleProvider.ProtoReflect.Descriptor instead.

func (*FileRoleProvider) GetPath 

func (x *FileRoleProvider) GetPath() string

func (*FileRoleProvider) ProtoMessage 

func (*FileRoleProvider) ProtoMessage()

func (*FileRoleProvider) ProtoReflect 

func (x *FileRoleProvider) ProtoReflect() protoreflect.Message

func (*FileRoleProvider) Reset 

func (x *FileRoleProvider) Reset()

func (*FileRoleProvider) String 

func (x *FileRoleProvider) String() string

type GithubRoleProvider 

type GithubRoleProvider struct {

	// Used if using GitHub enterprise some other non github.com GitHub installation.
	BaseUrl string `protobuf:"bytes,1,opt,name=baseUrl,proto3" json:"baseUrl,omitempty"`
	// A personal access token of an account with access to your organization's
	// GitHub Teams structure.
	AccessToken string `protobuf:"bytes,2,opt,name=accessToken,proto3" json:"accessToken,omitempty"`
	// The GitHub organization under which to query for GitHub Teams.
	Organization string `protobuf:"bytes,3,opt,name=organization,proto3" json:"organization,omitempty"`
	// contains filtered or unexported fields
}

Configuration for the GitHub role provider.

func (*GithubRoleProvider) Descriptor deprecated 

func (*GithubRoleProvider) Descriptor() ([]byte, []int)

Deprecated: Use GithubRoleProvider.ProtoReflect.Descriptor instead.

func (*GithubRoleProvider) GetAccessToken 

func (x *GithubRoleProvider) GetAccessToken() string

func (*GithubRoleProvider) GetBaseUrl 

func (x *GithubRoleProvider) GetBaseUrl() string

func (*GithubRoleProvider) GetOrganization 

func (x *GithubRoleProvider) GetOrganization() string

func (*GithubRoleProvider) ProtoMessage 

func (*GithubRoleProvider) ProtoMessage()

func (*GithubRoleProvider) ProtoReflect 

func (x *GithubRoleProvider) ProtoReflect() protoreflect.Message

func (*GithubRoleProvider) Reset 

func (x *GithubRoleProvider) Reset()

func (*GithubRoleProvider) String 

func (x *GithubRoleProvider) String() string

type GoogleRoleProvider 

type GoogleRoleProvider struct {

	// A path to a valid json service account that can authenticate against the
	// Google role provider.
	CredentialPath string `protobuf:"bytes,1,opt,name=credentialPath,proto3" json:"credentialPath,omitempty"`
	// Your role provider's admin username e.g. admin@myorg.net.
	AdminUsername string `protobuf:"bytes,2,opt,name=adminUsername,proto3" json:"adminUsername,omitempty"`
	// The domain your role provider is configured for e.g. myorg.net.
	Domain string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
	// contains filtered or unexported fields
}

Configuration for the Google role provider.

func (*GoogleRoleProvider) Descriptor deprecated 

func (*GoogleRoleProvider) Descriptor() ([]byte, []int)

Deprecated: Use GoogleRoleProvider.ProtoReflect.Descriptor instead.

func (*GoogleRoleProvider) GetAdminUsername 

func (x *GoogleRoleProvider) GetAdminUsername() string

func (*GoogleRoleProvider) GetCredentialPath 

func (x *GoogleRoleProvider) GetCredentialPath() string

func (*GoogleRoleProvider) GetDomain 

func (x *GoogleRoleProvider) GetDomain() string

func (*GoogleRoleProvider) ProtoMessage 

func (*GoogleRoleProvider) ProtoMessage()

func (*GoogleRoleProvider) ProtoReflect 

func (x *GoogleRoleProvider) ProtoReflect() protoreflect.Message

func (*GoogleRoleProvider) Reset 

func (x *GoogleRoleProvider) Reset()

func (*GoogleRoleProvider) String 

func (x *GoogleRoleProvider) String() string

type GroupMembership 

type GroupMembership struct {

	// Configuration for which role provider to use for authorization decisions.
	// Each role provider has a corresponding field; configuration specific to
	// the role provider you are using should be added to the appropriate field.
	Service GroupMembership_RoleProviderType `` /* 127-byte string literal not displayed */
	// Configuration for the Google role provider.
	Google *GoogleRoleProvider `protobuf:"bytes,2,opt,name=google,proto3" json:"google,omitempty"`
	// Configuration for the GitHub role provider.
	Github *GithubRoleProvider `protobuf:"bytes,3,opt,name=github,proto3" json:"github,omitempty"`
	// Configuration for the file-based role provider.
	File *FileRoleProvider `protobuf:"bytes,4,opt,name=file,proto3" json:"file,omitempty"`
	// Configuration for the LDAP role provider.
	Ldap *LdapRoleProvider `protobuf:"bytes,5,opt,name=ldap,proto3" json:"ldap,omitempty"`
	// contains filtered or unexported fields
}

Configuration role providers that map users to groups.

func (*GroupMembership) Descriptor deprecated 

func (*GroupMembership) Descriptor() ([]byte, []int)

Deprecated: Use GroupMembership.ProtoReflect.Descriptor instead.

func (*GroupMembership) GetFile 

func (x *GroupMembership) GetFile() *FileRoleProvider

func (*GroupMembership) GetGithub 

func (x *GroupMembership) GetGithub() *GithubRoleProvider

func (*GroupMembership) GetGoogle 

func (x *GroupMembership) GetGoogle() *GoogleRoleProvider

func (*GroupMembership) GetLdap 

func (x *GroupMembership) GetLdap() *LdapRoleProvider

func (*GroupMembership) GetService 

func (x *GroupMembership) GetService() GroupMembership_RoleProviderType

func (*GroupMembership) ProtoMessage 

func (*GroupMembership) ProtoMessage()

func (*GroupMembership) ProtoReflect 

func (x *GroupMembership) ProtoReflect() protoreflect.Message

func (*GroupMembership) Reset 

func (x *GroupMembership) Reset()

func (*GroupMembership) String 

func (x *GroupMembership) String() string

type GroupMembership_RoleProviderType 

type GroupMembership_RoleProviderType int32

Configuration for which role provider to use for authorization decisions. 

const (
	// Unspecified. Do not directly use, instead omit the field.
	GroupMembership_UNSPECIFIED GroupMembership_RoleProviderType = 0
	// File-based role provider.
	GroupMembership_FILE GroupMembership_RoleProviderType = 1
	// Google role provider.
	GroupMembership_GOOGLE GroupMembership_RoleProviderType = 2
	// GitHub role provider.
	GroupMembership_GITHUB GroupMembership_RoleProviderType = 3
	// LDAP role provider.
	GroupMembership_LDAP GroupMembership_RoleProviderType = 4
)

func (GroupMembership_RoleProviderType) Descriptor 

func (GroupMembership_RoleProviderType) Descriptor() protoreflect.EnumDescriptor

func (GroupMembership_RoleProviderType) Enum 

func (x GroupMembership_RoleProviderType) Enum() *GroupMembership_RoleProviderType

func (GroupMembership_RoleProviderType) EnumDescriptor deprecated 

func (GroupMembership_RoleProviderType) EnumDescriptor() ([]byte, []int)

Deprecated: Use GroupMembership_RoleProviderType.Descriptor instead.

func (GroupMembership_RoleProviderType) Number 

func (x GroupMembership_RoleProviderType) Number() protoreflect.EnumNumber

func (GroupMembership_RoleProviderType) String 

func (x GroupMembership_RoleProviderType) String() string

func (GroupMembership_RoleProviderType) Type 

func (GroupMembership_RoleProviderType) Type() protoreflect.EnumType

type LdapRoleProvider 

type LdapRoleProvider struct {

	// ldap:// or ldaps:// url of the LDAP server.
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// The manager user's distinguished name (principal) to use for querying LDAP groups.
	ManagerDn string `protobuf:"bytes,2,opt,name=managerDn,proto3" json:"managerDn,omitempty"`
	// The manager user's password to use for querying LDAP groups.
	ManagerPassword string `protobuf:"bytes,3,opt,name=managerPassword,proto3" json:"managerPassword,omitempty"`
	// The pattern for finding a user's DN using simple pattern matching. For example,
	// if your LDAP server has the URL ldap://mysite.com/dc=spinnaker,dc=org, and
	// you have the pattern 'uid={0},ou=members', 'me' will map to a DN
	// uid=me,ou=members,dc=spinnaker,dc=org. If no match is found, will try to
	// find the user using -user-search-filter, if set.
	UserDnPattern string `protobuf:"bytes,4,opt,name=userDnPattern,proto3" json:"userDnPattern,omitempty"`
	// The part of the directory tree under which user searches should be performed.
	// If -user-search-base isn't supplied, the search will be performed from the root.
	UserSearchBase string `protobuf:"bytes,5,opt,name=userSearchBase,proto3" json:"userSearchBase,omitempty"`
	// The part of the directory tree under which group searches should be performed.
	GroupSearchBase string `protobuf:"bytes,6,opt,name=groupSearchBase,proto3" json:"groupSearchBase,omitempty"`
	// The filter to use when searching for a user's DN. Will search either from
	// -user-search-base (if specified) or root for entries matching the filter.
	UserSearchFilter string `protobuf:"bytes,7,opt,name=userSearchFilter,proto3" json:"userSearchFilter,omitempty"`
	// The filter which is used to search for group membership. The default is
	// 'uniqueMember={0}', corresponding to the groupOfUniqueMembers LDAP class. In
	// this case, the substituted parameter is the full distinguished name of the
	// user. The parameter '{1}' can be used if you want to filter on the login name.
	GroupSearchFilter string `protobuf:"bytes,8,opt,name=groupSearchFilter,proto3" json:"groupSearchFilter,omitempty"`
	// The attribute which contains the name of the authority defined by the group
	// entry. Defaults to 'cn'.
	GroupRoleAttributes string `protobuf:"bytes,9,opt,name=groupRoleAttributes,proto3" json:"groupRoleAttributes,omitempty"`
	// contains filtered or unexported fields
}

Configuration for the LDAP role provider.

func (*LdapRoleProvider) Descriptor deprecated 

func (*LdapRoleProvider) Descriptor() ([]byte, []int)

Deprecated: Use LdapRoleProvider.ProtoReflect.Descriptor instead.

func (*LdapRoleProvider) GetGroupRoleAttributes 

func (x *LdapRoleProvider) GetGroupRoleAttributes() string

func (*LdapRoleProvider) GetGroupSearchBase 

func (x *LdapRoleProvider) GetGroupSearchBase() string

func (*LdapRoleProvider) GetGroupSearchFilter 

func (x *LdapRoleProvider) GetGroupSearchFilter() string

func (*LdapRoleProvider) GetManagerDn 

func (x *LdapRoleProvider) GetManagerDn() string

func (*LdapRoleProvider) GetManagerPassword 

func (x *LdapRoleProvider) GetManagerPassword() string

func (*LdapRoleProvider) GetUrl 

func (x *LdapRoleProvider) GetUrl() string

func (*LdapRoleProvider) GetUserDnPattern 

func (x *LdapRoleProvider) GetUserDnPattern() string

func (*LdapRoleProvider) GetUserSearchBase 

func (x *LdapRoleProvider) GetUserSearchBase() string

func (*LdapRoleProvider) GetUserSearchFilter 

func (x *LdapRoleProvider) GetUserSearchFilter() string

func (*LdapRoleProvider) ProtoMessage 

func (*LdapRoleProvider) ProtoMessage()

func (*LdapRoleProvider) ProtoReflect 

func (x *LdapRoleProvider) ProtoReflect() protoreflect.Message

func (*LdapRoleProvider) Reset 

func (x *LdapRoleProvider) Reset()

func (*LdapRoleProvider) String 

func (x *LdapRoleProvider) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.