policy

package
v0.0.0-...-6410feb Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 25, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source
const (
	PolicyDelegation = "delegate"

	PolicyActionList    = rbacutils.ActionList
	PolicyActionGet     = rbacutils.ActionGet
	PolicyActionUpdate  = rbacutils.ActionUpdate
	PolicyActionPatch   = rbacutils.ActionPatch
	PolicyActionCreate  = rbacutils.ActionCreate
	PolicyActionDelete  = rbacutils.ActionDelete
	PolicyActionPerform = rbacutils.ActionPerform
)

Variables

View Source
var (
	PolicyManager        *SPolicyManager
	DefaultPolicyFetcher PolicyFetchFunc
)

Functions

func AppendDefaultPolicies

func AppendDefaultPolicies(policies []rbacutils.SRbacPolicy)

func EnableGlobalRbac

func EnableGlobalRbac(refreshInterval time.Duration, debug bool, workerCount int)

func ExplainRpc

func ExplainRpc(ctx context.Context, userCred mcclient.TokenCredential, params jsonutils.JSONObject, name string) (jsonutils.JSONObject, error)

func FetchUserCredential

func FetchUserCredential(ctx context.Context) mcclient.TokenCredential

func FilterPolicyCredential

func FilterPolicyCredential(token mcclient.TokenCredential) mcclient.TokenCredential

func GetResources

func GetResources() map[string]map[string][]string

func GetSystemResources

func GetSystemResources() map[string][]string

func RegisterDomainResources

func RegisterDomainResources(service string, resources []string)

func RegisterSystemResources

func RegisterSystemResources(service string, resources []string)

func RegisterUserResources

func RegisterUserResources(service string, resources []string)

Types

type SPolicyManager

type SPolicyManager struct {
	// contains filtered or unexported fields
}

func (*SPolicyManager) Allow

func (manager *SPolicyManager) Allow(targetScope rbacscope.TRbacScope, userCred mcclient.TokenCredential, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

func (*SPolicyManager) AllowScope

func (manager *SPolicyManager) AllowScope(userCred mcclient.TokenCredential, service string, resource string, action string, extra ...string) (rbacscope.TRbacScope, rbacutils.SPolicyResult)

func (*SPolicyManager) IsScopeCapable

func (manager *SPolicyManager) IsScopeCapable(userCred mcclient.TokenCredential, scope rbacscope.TRbacScope) bool

type SPolicyTokenCredential

type SPolicyTokenCredential struct {
	// usage embedded interface
	mcclient.TokenCredential
}

func (*SPolicyTokenCredential) HasSystemAdminPrivilege

func (self *SPolicyTokenCredential) HasSystemAdminPrivilege() bool

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL