rbac

package
v0.2.58-rc5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2025 License: Apache-2.0 Imports: 13 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrResourceReference = errors.New("resource reference error")
)

Functions

func AllowGlobalScope added in v0.2.20 

func AllowGlobalScope(ctx context.Context, endpoint string, operation openapi.AclOperation) error

AllowGlobalScope tries to allow the requested operation at the global scope.

func AllowOrganizationScope added in v0.2.20 

func AllowOrganizationScope(ctx context.Context, endpoint string, operation openapi.AclOperation, organizationID string) error

AllowOrganizationScope tries to allow the requested operation at the global scope, then the organization scope.

func AllowProjectScope added in v0.2.20 

func AllowProjectScope(ctx context.Context, endpoint string, operation openapi.AclOperation, organizationID, projectID string) error

AllowProjectScope tries to allow the requested operation at the global scope, then the organization scope, and finally at the project scope.

func AllowRole added in v0.2.21 

func AllowRole(ctx context.Context, role *unikornv1.Role, organizationID string) error

AllowRole determines whether your ACL contains the same or higher privileges than the role, which is then used to determine role visibility and limit privilege escalation.

func FromContext added in v0.2.20 

func FromContext(ctx context.Context) *openapi.Acl

func NewContext added in v0.2.20 

func NewContext(ctx context.Context, acl *openapi.Acl) context.Context

Types

type Options added in v0.2.54 

type Options struct {
	PlatformAdministratorRoleID   string
	PlatformAdministratorSubjects []string
	SystemAccountRoleIDs          map[string]string
}

func (*Options) AddFlags added in v0.2.54 

func (o *Options) AddFlags(f *pflag.FlagSet)

type RBAC 

type RBAC struct {
	// contains filtered or unexported fields
}

RBAC contains all the scoping rules for services across the platform.

func New 

func New(client client.Client, namespace string, options *Options) *RBAC

New creates a new RBAC client.

func (*RBAC) GetACL added in v0.1.23 

func (r *RBAC) GetACL(ctx context.Context, organizationID string) (*openapi.Acl, error)

GetACL returns a granular set of permissions for a user based on their scope. This is used for API level access control and UX.

func (*RBAC) GetActiveOrganizationUser 

func (r *RBAC) GetActiveOrganizationUser(ctx context.Context, organizationID string, user *unikornv1.User) (*unikornv1.OrganizationUser, error)

GetActiveOrganizationUser gets an organization user that references the actual user.

func (*RBAC) GetActiveUser 

func (r *RBAC) GetActiveUser(ctx context.Context, subject string) (*unikornv1.User, error)

GetActiveUser returns a user that match the subject and is active.

func (*RBAC) GetServiceAccount added in v0.2.53 

func (r *RBAC) GetServiceAccount(ctx context.Context, id string) (*unikornv1.ServiceAccount, error)

GetServiceAccount looks up a service account.

func (*RBAC) UserExists 

func (r *RBAC) UserExists(ctx context.Context, subject string) (bool, error)

UserExists tells us whether the user is active in any organization.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.