migrate

package
v0.98.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 5, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrTooMany is returned when this migration does not support a
	// particular number of resources.  It should not occur on any
	// reasonably-sized installation.
	ErrTooMany         = errors.New("too many")
	ErrTooManyPolicies = fmt.Errorf("%w policies", ErrTooMany)
	ErrTooManyGroups   = fmt.Errorf("%w groups", ErrTooMany)
	ErrNotAllowed      = fmt.Errorf("not allowed")
	ErrAlreadyHasACL   = errors.New("already has ACL")
	ErrAddedActions    = errors.New("added actions")
	ErrEmpty           = errors.New("empty")
	ErrWidened         = errors.New("resource widened")
	ErrPolicyExists    = errors.New("policy exists")
)

Functions

func BroaderPermission 

func BroaderPermission(a, b model.ACLPermission) bool

BroaderPermission returns true if a offers strictly more permissions that b.

func CheckPolicyACLName 

func CheckPolicyACLName(ctx context.Context, svc auth.Service, name string) error

CheckPolicyACLName fails if policy name is named as an ACL policy (start with ACLPolicyPrefix) but is not an ACL policy.

func RBACToACL 

func RBACToACL(ctx context.Context, svc auth.Service, doUpdate bool, creationTime time.Time, messageFunc func(string, model.ACL, error)) ([]string, error)

RBACToACL translates all groups on svc to use ACLs instead of RBAC policies. It updates svc only if doUpdate. It calls messageFunc to report increased permissions. returns a list of users with directly attached policies

Types

type ACLsMigrator 

type ACLsMigrator struct {
	Actions map[model.ACLPermission]map[string]struct{}
	// contains filtered or unexported fields
}

ACLsMigrator migrates from policies to ACLs.

func NewACLsMigrator 

func NewACLsMigrator(svc auth.Service, doUpdate bool) *ACLsMigrator

NewACLsMigrator returns an ACLsMigrator. That ACLsMigrator will only check (change nothing) if doUpdate is false.

func (*ACLsMigrator) ComputeAddedActions 

func (mig *ACLsMigrator) ComputeAddedActions(permission model.ACLPermission, alreadyAllowedActions map[string]struct{}) []string

ComputeAddedActions returns the list of actions that permission allows that are not in alreadyAllowedActions.

func (*ACLsMigrator) ComputePermission 

func (mig *ACLsMigrator) ComputePermission(ctx context.Context, actions []string) (model.ACLPermission, error)

ComputePermission returns ACL permission for actions and the actions that applying that permission will add to it.

func (*ACLsMigrator) GetMinPermission 

func (mig *ACLsMigrator) GetMinPermission(action string) model.ACLPermission

func (*ACLsMigrator) GetRepositories 

func (mig *ACLsMigrator) GetRepositories(resource string) ([]string, bool, error)

GetRepositories returns the repositories to which resource refers, rounding up.

  • It ignores all ARNs except "arn:lakefs:fs:::repository/.
  • If an explicit repository is provided, it returns [repo], false, nil.
  • Otherwise, if _any_ wildcards appears in the repository, it returns no repo, true ("all"), and possibly a warning about widening resource.

func (*ACLsMigrator) NewACLForPolicies 

func (mig *ACLsMigrator) NewACLForPolicies(ctx context.Context, policies []*model.Policy) (acl *model.ACL, warn error, err error)

NewACLForPolicies converts policies of group name to an ACL. warn summarizes all losses in converting policies to ACL. err holds an error if conversion failed.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.