rbac

package
v0.2.33 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 27, 2024 License: Apache-2.0 Imports: 6 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AllowGlobalScope added in v0.2.20

func AllowGlobalScope(ctx context.Context, endpoint string, operation openapi.AclOperation) error

AllowGlobalScope tries to allow the requested operation at the global scope.

func AllowOrganizationScope added in v0.2.20

func AllowOrganizationScope(ctx context.Context, endpoint string, operation openapi.AclOperation, organizationID string) error

AllowOrganizationScope tries to allow the requested operation at the global scope, then the organization scope.

func AllowProjectScope added in v0.2.20

func AllowProjectScope(ctx context.Context, endpoint string, operation openapi.AclOperation, organizationID, projectID string) error

AllowProjectScope tries to allow the requested operation at the global scope, then the organization scope, and finally at the project scope.

func AllowRole added in v0.2.21

func AllowRole(ctx context.Context, role *unikornv1.Role, organizationID string) error

AllowRole determines whether your ACL contains the same or higher privileges than the role, which is then used to determine role visibility and limit privilege escalation.

func FromContext added in v0.2.20

func FromContext(ctx context.Context) *openapi.Acl

func NewContext added in v0.2.20

func NewContext(ctx context.Context, acl *openapi.Acl) context.Context

Types

type OrganizationMemberships added in v0.2.20

type OrganizationMemberships struct {
	Organization *unikornv1.Organization
	Groups       *unikornv1.GroupList
}

OrganizationMemberships is an organization with groups a user is a member of.

func (*OrganizationMemberships) GetGroup added in v0.2.20

func (o *OrganizationMemberships) GetGroup(groupID string) *unikornv1.Group

type RBAC

type RBAC struct {
	// contains filtered or unexported fields
}

RBAC contains all the scoping rules for services across the platform.

func New

func New(client client.Client, namespace string) *RBAC

New creates a new RBAC client.

func (*RBAC) GetACL added in v0.1.23

func (r *RBAC) GetACL(ctx context.Context, organizationID, subject string) (*openapi.Acl, error)

GetACL returns a granular set of permissions for a user based on their scope. This is used for API level access control and UX.

func (*RBAC) GetOrganizationMemberships added in v0.2.20

func (r *RBAC) GetOrganizationMemberships(ctx context.Context, subject string) ([]OrganizationMemberships, error)

GetOrganizationMemberships returns a list of organizations we have membership of and the groups we are members of.

func (*RBAC) UserExists

func (r *RBAC) UserExists(ctx context.Context, subject string) (bool, error)

UserExists is an optimized version of the permissions builder that is used to authorize authentication requests. Failure here means the user need to signup and register themselves with an organization uing a back-channel.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL