rbac

package
v0.5.0 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 4, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package rbac contains interfaces to the database models for RBAC.

Index

Constants

// Fixed names of the built-in RBAC objects.
// NOTE(review): presumably these are the names that IsSystemRole,
// IsSystemRoleBinding and IsSystemGroup report as system objects and that
// writes reject with the ErrIsSystem* errors; confirm against the
// implementation before relying on that for access-control decisions.
const (
	// MeshAdminRole is the name of the mesh admin role.
	// It has the same string value as MeshAdminRoleBinding; the two name
	// different kinds of object (a role and a rolebinding).
	MeshAdminRole = "mesh-admin"
	// MeshAdminRoleBinding is the name of the mesh admin rolebinding.
	MeshAdminRoleBinding = "mesh-admin"
	// VotersRole is the name of the voters role.
	// It has the same string value as VotersGroup; one names a role, the
	// other a group.
	VotersRole = "voters"
	// VotersGroup is the name of the voters group.
	VotersGroup = "voters"
	// BootstrapVotersRoleBinding is the name of the bootstrap voters rolebinding.
	BootstrapVotersRoleBinding = "bootstrap-voters"
)

Variables

// ErrGroupNotFound is a package-level sentinel error; match it with
// errors.Is so that a wrapped copy is still recognised, not by message text.
// NOTE(review): the message has no format verbs, so errors.New would be the
// conventional constructor.
var ErrGroupNotFound = fmt.Errorf("group not found")

ErrGroupNotFound is returned when a group is not found.

// ErrIsSystemGroup is a package-level sentinel error; match it with
// errors.Is. Callers should surface it as a rejected change rather than
// retrying or ignoring it.
// NOTE(review): presumably raised for the groups IsSystemGroup reports — confirm.
var ErrIsSystemGroup = fmt.Errorf("cannot modify system group")

ErrIsSystemGroup is returned when a system group is being modified.

// ErrIsSystemRole is a package-level sentinel error; match it with
// errors.Is. Callers should surface it as a rejected change rather than
// retrying or ignoring it.
// NOTE(review): presumably raised for the roles IsSystemRole reports — confirm.
var ErrIsSystemRole = fmt.Errorf("cannot modify system role")

ErrIsSystemRole is returned when a system role is being modified.

// ErrIsSystemRoleBinding is a package-level sentinel error; match it with
// errors.Is. Callers should surface it as a rejected change rather than
// retrying or ignoring it.
// NOTE(review): presumably raised for the rolebindings IsSystemRoleBinding
// reports — confirm.
var ErrIsSystemRoleBinding = fmt.Errorf("cannot modify system rolebinding")

ErrIsSystemRoleBinding is returned when a system rolebinding is being modified.

// ErrRoleBindingNotFound is a package-level sentinel error; match it with
// errors.Is so that a wrapped copy is still recognised, not by message text.
var ErrRoleBindingNotFound = fmt.Errorf("rolebinding not found")

ErrRoleBindingNotFound is returned when a rolebinding is not found.

// ErrRoleNotFound is a package-level sentinel error; match it with
// errors.Is so that a wrapped copy is still recognised, not by message text.
var ErrRoleNotFound = fmt.Errorf("role not found")

ErrRoleNotFound is returned when a role is not found.

Functions

func EvalRole

func EvalRole(role *v1.Role, action *v1.RBACAction) bool

EvalRole evaluates an action against a single role.

func EvalRule

func EvalRule(rule *v1.Rule, action *v1.RBACAction) bool

EvalRule evaluates an action against a single rule.

func IsSystemGroup

func IsSystemGroup(name string) bool

IsSystemGroup returns true if the group is a system group.

func IsSystemRole

func IsSystemRole(name string) bool

IsSystemRole returns true if the role is a system role.

func IsSystemRoleBinding

func IsSystemRoleBinding(name string) bool

IsSystemRoleBinding returns true if the rolebinding is a system rolebinding.

Types

type RBAC

type RBAC interface {
	// Enable enables RBAC.
	Enable(ctx context.Context) error
	// Disable disables RBAC.
	// NOTE(review): what happens to authorization checks while RBAC is
	// disabled is not visible from this interface; presumably enforcement is
	// skipped, so the ability to call Disable should be restricted and the
	// call logged. Confirm against the implementation.
	Disable(ctx context.Context) error
	// IsDisabled returns true if RBAC is disabled.
	// NOTE(review): by Go convention the bool is not meaningful when the
	// error is non-nil; a caller making an access decision should deny on
	// error rather than treat the failure as "disabled".
	IsDisabled(ctx context.Context) (bool, error)

	// PutRole creates or updates a role.
	// NOTE(review): presumably rejects system roles with ErrIsSystemRole
	// (see IsSystemRole) — confirm.
	PutRole(ctx context.Context, role *v1.Role) error
	// GetRole returns a role by name.
	// NOTE(review): presumably returns ErrRoleNotFound for an unknown name — confirm.
	GetRole(ctx context.Context, name string) (*v1.Role, error)
	// DeleteRole deletes a role by name.
	// NOTE(review): presumably rejects system roles with ErrIsSystemRole — confirm.
	DeleteRole(ctx context.Context, name string) error
	// ListRoles returns a list of all roles.
	ListRoles(ctx context.Context) (RolesList, error)

	// PutRoleBinding creates or updates a rolebinding.
	// NOTE(review): presumably rejects system rolebindings with
	// ErrIsSystemRoleBinding (see IsSystemRoleBinding) — confirm.
	PutRoleBinding(ctx context.Context, rolebinding *v1.RoleBinding) error
	// GetRoleBinding returns a rolebinding by name.
	// NOTE(review): presumably returns ErrRoleBindingNotFound for an unknown
	// name — confirm.
	GetRoleBinding(ctx context.Context, name string) (*v1.RoleBinding, error)
	// DeleteRoleBinding deletes a rolebinding by name.
	// NOTE(review): presumably rejects system rolebindings with
	// ErrIsSystemRoleBinding — confirm.
	DeleteRoleBinding(ctx context.Context, name string) error
	// ListRoleBindings returns a list of all rolebindings.
	ListRoleBindings(ctx context.Context) ([]*v1.RoleBinding, error)

	// PutGroup creates or updates a group.
	// NOTE(review): presumably rejects system groups with ErrIsSystemGroup
	// (see IsSystemGroup) — confirm.
	PutGroup(ctx context.Context, group *v1.Group) error
	// GetGroup returns a group by name.
	// NOTE(review): presumably returns ErrGroupNotFound for an unknown name — confirm.
	GetGroup(ctx context.Context, name string) (*v1.Group, error)
	// DeleteGroup deletes a group by name.
	// NOTE(review): presumably rejects system groups with ErrIsSystemGroup — confirm.
	DeleteGroup(ctx context.Context, name string) error
	// ListGroups returns a list of all groups.
	ListGroups(ctx context.Context) ([]*v1.Group, error)

	// ListNodeRoles returns a list of all roles for a node.
	// NOTE(review): whether roles granted through group membership are
	// included is not visible from the signature — confirm before using the
	// result for an authorization decision.
	ListNodeRoles(ctx context.Context, nodeID string) (RolesList, error)
	// ListUserRoles returns a list of all roles for a user.
	// NOTE(review): same open question about group-derived roles as
	// ListNodeRoles — confirm.
	ListUserRoles(ctx context.Context, user string) (RolesList, error)
}

RBAC is the interface to the database models for RBAC.

func New

func New(st storage.MeshStorage) RBAC

New returns a new RBAC.

type RolesList

// RolesList is a slice of *v1.Role values.
// NOTE(review): the result of Eval on a nil or empty list is not visible
// here; callers using it for authorization should confirm it is false (deny).
type RolesList []*v1.Role

RolesList is a list of roles. It contains methods for evaluating actions against contained permissions.

func (RolesList) Eval

func (l RolesList) Eval(action *v1.RBACAction) bool

Eval evaluates an action against the roles in the list.
