Documentation ¶
Index ¶
- Variables
- func AcceptRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
- func ActivateUser(caller *identity.IdentityTraits, username string) error
- func AttachXDC(caller *identity.IdentityTraits, pid, xdc string) error
- func Authorize(requestor *identity.IdentityTraits, policy []RoleBinding, object Object) error
- func AuthorizeCreate(requestor *identity.IdentityTraits, policy []RoleBinding, scope Scope) error
- func CreateExperiment(caller *identity.IdentityTraits, pid, eid string) error
- func CreateFacility(caller *identity.IdentityTraits) error
- func CreatePool(caller *identity.IdentityTraits) error
- func CreateProject(user *identity.IdentityTraits, project string) error
- func CreateRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
- func DeactivateUser(caller *identity.IdentityTraits, username string) error
- func DeleteExperiment(caller *identity.IdentityTraits, pid, eid string) error
- func DeleteFacility(caller *identity.IdentityTraits, facility string) error
- func DeletePool(caller *identity.IdentityTraits, pool string) error
- func DeleteProject(user *identity.IdentityTraits, project string) error
- func DeleteRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
- func DeleteUser(caller *identity.IdentityTraits, user string) error
- func Dematerialize(caller *identity.IdentityTraits, pid, eid, rid string) error
- func DestroyXDC(caller *identity.IdentityTraits, pid, xdc string) error
- func DetachXDC(caller *identity.IdentityTraits, pid, xdc string) error
- func InitUser(caller *identity.IdentityTraits, username string) error
- func Materialize(caller *identity.IdentityTraits, pid, eid, rid string) error
- func PolicyFile() string
- func ReadExperiment(caller *identity.IdentityTraits, pid, eid string) error
- func ReadFacility(caller *identity.IdentityTraits, facility string) error
- func ReadIdentities(caller *identity.IdentityTraits) error
- func ReadMaterialization(caller *identity.IdentityTraits, pid, eid, rid string) error
- func ReadMaterializations(caller *identity.IdentityTraits, pid, eid string) error
- func ReadPolicy(caller *identity.IdentityTraits) error
- func ReadPool(caller *identity.IdentityTraits, pool string) error
- func ReadPools(caller *identity.IdentityTraits) error
- func ReadProject(user *identity.IdentityTraits, project string) error
- func ReadRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
- func ReadRealizations(caller *identity.IdentityTraits, pid, eid string) error
- func ReadUser(caller *identity.IdentityTraits, user string) error
- func ReadUsers(caller *identity.IdentityTraits) error
- func ReadXdcs(caller *identity.IdentityTraits, pid string) error
- func RegisterUser(caller *identity.IdentityTraits, username string) error
- func RejectRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
- func Satisfies(provided, required RoleBinding) bool
- func SetPolicyPath(p string)
- func SpawnXDC(caller *identity.IdentityTraits, rq *portal.CreateXDCRequest) error
- func UnregisterUser(caller *identity.IdentityTraits, username string) error
- func UpdateExperiment(caller *identity.IdentityTraits, pid, eid string) error
- func UpdateFacility(caller *identity.IdentityTraits, facility string) error
- func UpdatePool(caller *identity.IdentityTraits, pool string) error
- func UpdateProject(user *identity.IdentityTraits, project string) error
- func UpdateUser(caller *identity.IdentityTraits, user string) error
- func ValidateBinding(b RoleBinding) error
- func ValidateCrudOperationPolicy(c CrudOperationPolicy) error
- func ValidateMode(m Mode) error
- func ValidatePolicy(p Policy) error
- func ValidateRoleBindings(bs []RoleBinding) error
- type CarrOperationPolicy
- type CreateDestroyOperationPolicy
- type CrudMap
- type CrudOp
- type CrudOperationPolicy
- type CrudcdOperationPolicy
- type ExperimentObject
- type FacilityObject
- type IdentityObject
- type IdentityOperationPolicy
- type MaterializationObject
- type Mode
- type Object
- type Policy
- type PoolObject
- type ProjectObject
- type RealizationObject
- type Role
- type RoleBinding
- func CrudCreate(x CrudOperationPolicy) []RoleBinding
- func CrudDelete(x CrudOperationPolicy) []RoleBinding
- func CrudRead(x CrudOperationPolicy) []RoleBinding
- func CrudUpdate(x CrudOperationPolicy) []RoleBinding
- func ProjectAndExperimentRoles(u *portal.User, pid string, eid string) ([]RoleBinding, error)
- type RoleKind
- type Scope
- type UserObject
- type UserPolicy
- type XDCObject
- type XdcOperationsPolicy
Variables ¶
// Scopes enumerates every Scope constant declared by this package, AnyScope
// included.
// NOTE(review): presumably used to check scope names that appear in role
// bindings; the consumer is not shown here - confirm.
var Scopes = []Scope{
	PortalScope,
	OrganizationScope,
	ProjectScope,
	ExperimentScope,
	UserScope,
	RealizationScope,
	MaterializationScope,
	FacilityScope,
	PoolScope,
	XDCScope,
	AnyScope,
}
Functions ¶
func AcceptRealization ¶
func AcceptRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
func ActivateUser ¶
func ActivateUser(caller *identity.IdentityTraits, username string) error
func Authorize ¶
func Authorize(requestor *identity.IdentityTraits, policy []RoleBinding, object Object) error
Authorize determines whether the `requestor` is allowed to act on an `object` given the `policy` that governs that object. `policy` is a set of role bindings. If the `requestor` has any of the role bindings in the `policy` set, the request will be approved.
func AuthorizeCreate ¶
func AuthorizeCreate(requestor *identity.IdentityTraits, policy []RoleBinding, scope Scope) error
AuthorizeCreate handles the creation case: the object does not exist yet, so the user's roles cannot be read from it, and the caller supplies a `scope` instead of an object.
func CreateExperiment ¶
func CreateExperiment(caller *identity.IdentityTraits, pid, eid string) error
CreateExperiment ...
func CreateFacility ¶
func CreateFacility(caller *identity.IdentityTraits) error
func CreatePool ¶
func CreatePool(caller *identity.IdentityTraits) error
func CreateProject ¶
func CreateProject(user *identity.IdentityTraits, project string) error
CreateProject policy
func CreateRealization ¶
func CreateRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
func DeactivateUser ¶
func DeactivateUser(caller *identity.IdentityTraits, username string) error
func DeleteExperiment ¶
func DeleteExperiment(caller *identity.IdentityTraits, pid, eid string) error
DeleteExperiment ...
func DeleteFacility ¶
func DeleteFacility(caller *identity.IdentityTraits, facility string) error
func DeletePool ¶
func DeletePool(caller *identity.IdentityTraits, pool string) error
func DeleteProject ¶
func DeleteProject(user *identity.IdentityTraits, project string) error
DeleteProject policy
func DeleteRealization ¶
func DeleteRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
func DeleteUser ¶
func DeleteUser(caller *identity.IdentityTraits, user string) error
func Dematerialize ¶
func Dematerialize(caller *identity.IdentityTraits, pid, eid, rid string) error
func DestroyXDC ¶
func DestroyXDC(caller *identity.IdentityTraits, pid, xdc string) error
func Materialize ¶
func Materialize(caller *identity.IdentityTraits, pid, eid, rid string) error
func PolicyFile ¶
func PolicyFile() string
func ReadExperiment ¶
func ReadExperiment(caller *identity.IdentityTraits, pid, eid string) error
ReadExperiment ...
func ReadFacility ¶
func ReadFacility(caller *identity.IdentityTraits, facility string) error
func ReadIdentities ¶
func ReadIdentities(caller *identity.IdentityTraits) error
func ReadMaterialization ¶
func ReadMaterialization(caller *identity.IdentityTraits, pid, eid, rid string) error
func ReadMaterializations ¶
func ReadMaterializations(caller *identity.IdentityTraits, pid, eid string) error
func ReadPools ¶
func ReadPools(caller *identity.IdentityTraits) error
func ReadProject ¶
func ReadProject(user *identity.IdentityTraits, project string) error
ReadProject policy
func ReadRealization ¶
func ReadRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
func ReadRealizations ¶
func ReadRealizations(caller *identity.IdentityTraits, pid, eid string) error
func ReadUsers ¶
func ReadUsers(caller *identity.IdentityTraits) error
ReadUsers is an Identity-level action.
func RegisterUser ¶
func RegisterUser(caller *identity.IdentityTraits, username string) error
func RejectRealization ¶
func RejectRealization(caller *identity.IdentityTraits, pid, eid, rid string) error
func Satisfies ¶
func Satisfies(provided, required RoleBinding) bool
func SetPolicyPath ¶
func SetPolicyPath(p string)
func SpawnXDC ¶
func SpawnXDC(caller *identity.IdentityTraits, rq *portal.CreateXDCRequest) error
func UnregisterUser ¶
func UnregisterUser(caller *identity.IdentityTraits, username string) error
func UpdateExperiment ¶
func UpdateExperiment(caller *identity.IdentityTraits, pid, eid string) error
UpdateExperiment ...
func UpdateFacility ¶
func UpdateFacility(caller *identity.IdentityTraits, facility string) error
func UpdatePool ¶
func UpdatePool(caller *identity.IdentityTraits, pool string) error
func UpdateProject ¶
func UpdateProject(user *identity.IdentityTraits, project string) error
UpdateProject policy
func UpdateUser ¶
func UpdateUser(caller *identity.IdentityTraits, user string) error
func ValidateBinding ¶
func ValidateBinding(b RoleBinding) error
func ValidateCrudOperationPolicy ¶
func ValidateCrudOperationPolicy(c CrudOperationPolicy) error
func ValidateMode ¶
func ValidatePolicy ¶
func ValidateRoleBindings ¶
func ValidateRoleBindings(bs []RoleBinding) error
Types ¶
type CarrOperationPolicy ¶
// CarrOperationPolicy holds one list of role bindings per operation: Create,
// Accept, Reject and Release. Policy uses it as the per-Mode policy for
// realizations.
//
// Each list has the type of Authorize's policy argument, and Authorize is
// documented to approve a requestor that holds any one binding in the list.
type CarrOperationPolicy struct {
	Create []RoleBinding
	Accept []RoleBinding
	Reject []RoleBinding
	// NOTE(review): no function named after Release appears in this package's
	// index - confirm which operation consults this list.
	Release []RoleBinding
}
type CreateDestroyOperationPolicy ¶
// CreateDestroyOperationPolicy holds the role bindings allowed to create and
// to destroy an object. Policy uses it as the per-Mode policy for
// materializations.
// NOTE(review): presumably consulted by Materialize and Dematerialize - confirm.
type CreateDestroyOperationPolicy struct {
	Create  []RoleBinding
	Destroy []RoleBinding
}
type CrudMap ¶
// CrudMap associates each Mode with the CrudOperationPolicy that applies under
// it. UserPolicy embeds it inline.
// NOTE(review): what happens for a Mode with no entry is not shown here -
// confirm that a missing key results in a denial.
type CrudMap map[Mode]CrudOperationPolicy
type CrudOp ¶
// CrudOp selects one operation's role bindings out of a CrudOperationPolicy.
// CrudCreate, CrudRead, CrudUpdate and CrudDelete have this signature.
type CrudOp func(CrudOperationPolicy) []RoleBinding
type CrudOperationPolicy ¶
// CrudOperationPolicy holds one list of role bindings for each of the create,
// read, update and delete operations. Policy uses it for projects,
// experiments, users and pools.
//
// Each list has the type of Authorize's policy argument; Authorize is
// documented to approve a requestor that holds any one binding in the list,
// so adding a binding widens access.
// NOTE(review): how an empty or nil list is treated is not shown here -
// confirm that it denies rather than allows.
type CrudOperationPolicy struct {
	Create []RoleBinding
	Read   []RoleBinding
	Update []RoleBinding
	Delete []RoleBinding
}
type CrudcdOperationPolicy ¶
// CrudcdOperationPolicy extends the four CRUD lists with Commission and
// Decommission. Policy uses it as the per-Mode policy for facilities.
type CrudcdOperationPolicy struct {
	Create []RoleBinding
	Read   []RoleBinding
	Update []RoleBinding
	Delete []RoleBinding
	// NOTE(review): no commission or decommission function appears in this
	// package's index - confirm where these two lists are enforced.
	Commission   []RoleBinding
	Decommission []RoleBinding
}
type ExperimentObject ¶
// ExperimentObject wraps a *portal.Experiment and carries a UserRoles method
// that reports a user's role bindings for that experiment.
// NOTE(review): presumably this is what lets it be passed to Authorize as an
// Object; the Object interface itself is not shown here. Also confirm how
// UserRoles behaves when the embedded pointer is nil.
type ExperimentObject struct {
	*portal.Experiment
}
ExperimentObject interface implementation
func (ExperimentObject) UserRoles ¶
func (o ExperimentObject) UserRoles(u *portal.User) ([]RoleBinding, error)
UserRoles given an existing Experiment
type FacilityObject ¶
func (FacilityObject) UserRoles ¶
func (o FacilityObject) UserRoles(u *portal.User) ([]RoleBinding, error)
type IdentityObject ¶
// IdentityObject wraps a *identity.IdentityTraits and carries a UserRoles
// method, so an identity can itself be the target of an authorization check.
// NOTE(review): confirm how UserRoles behaves when the embedded pointer is nil.
type IdentityObject struct {
	*identity.IdentityTraits
}
func (IdentityObject) UserRoles ¶
func (o IdentityObject) UserRoles(u *portal.User) ([]RoleBinding, error)
type IdentityOperationPolicy ¶
// IdentityOperationPolicy holds one list of role bindings per identity-level
// operation. Unlike the other sections of Policy it is not keyed by Mode.
type IdentityOperationPolicy struct {
	Read       []RoleBinding
	Register   []RoleBinding
	Unregister []RoleBinding
	// NOTE(review): presumably governs ActivateUser and DeactivateUser - confirm.
	UpdateState []RoleBinding
	Init        []RoleBinding
}
type MaterializationObject ¶
// MaterializationObject identifies a materialization by three string
// identifiers and carries a UserRoles method.
// NOTE(review): Pid, Eid and Rid presumably name the project, experiment and
// realization, matching the pid/eid/rid parameters used across this package -
// confirm. The fields are plain strings, so confirm where they are checked
// against existing objects before roles are derived from them.
type MaterializationObject struct {
	Pid, Eid, Rid string
}
MaterializationObject ...
func (MaterializationObject) UserRoles ¶
func (o MaterializationObject) UserRoles(u *portal.User) ([]RoleBinding, error)
UserRoles ...
type Policy ¶
// Policy is the top-level authorization policy: for each kind of object it
// holds the role bindings required per operation. Every section except
// Identity is keyed by Mode.
//
// NOTE(review): PolicyFile and SetPolicyPath suggest the policy is read from a
// file. That file would decide every authorization outcome, so write access to
// it should be restricted and its contents run through ValidatePolicy before
// use - confirm against the loader, which is not shown here.
type Policy struct {
	Project    map[Mode]CrudOperationPolicy
	Experiment map[Mode]CrudOperationPolicy
	// NOTE(review): typed as CrudOperationPolicy although the package also
	// declares UserPolicy (Activate, Init plus an inline CrudMap) - confirm
	// which of the two governs user activation and initialisation.
	User            map[Mode]CrudOperationPolicy
	Xdc             map[Mode]XdcOperationsPolicy
	Realization     map[Mode]CarrOperationPolicy
	Materialization map[Mode]CreateDestroyOperationPolicy
	Facility        map[Mode]CrudcdOperationPolicy
	Pool            map[Mode]CrudOperationPolicy
	Identity        IdentityOperationPolicy
}
type PoolObject ¶
// PoolObject identifies a pool by name and carries a UserRoles method.
// NOTE(review): Name is a plain string; confirm where it is checked against
// existing pools before roles are derived from it.
type PoolObject struct {
	Name string
}
func (PoolObject) UserRoles ¶
func (o PoolObject) UserRoles(u *portal.User) ([]RoleBinding, error)
type ProjectObject ¶
ProjectObject ...
func (ProjectObject) UserRoles ¶
func (p ProjectObject) UserRoles(u *portal.User) ([]RoleBinding, error)
UserRoles for projects
type RealizationObject ¶
// RealizationObject wraps a *portal.Realization and carries a UserRoles method
// that reports a user's role bindings for that realization.
// NOTE(review): confirm how UserRoles behaves when the embedded pointer is nil.
type RealizationObject struct {
	*portal.Realization
}
RealizationObject ...
func (RealizationObject) UserRoles ¶
func (o RealizationObject) UserRoles(u *portal.User) ([]RoleBinding, error)
UserRoles ...
type RoleBinding ¶
func CrudCreate ¶
func CrudCreate(x CrudOperationPolicy) []RoleBinding
func CrudDelete ¶
func CrudDelete(x CrudOperationPolicy) []RoleBinding
func CrudRead ¶
func CrudRead(x CrudOperationPolicy) []RoleBinding
func CrudUpdate ¶
func CrudUpdate(x CrudOperationPolicy) []RoleBinding
func ProjectAndExperimentRoles ¶
XXX ProjectAndExperimentRoles returns the roles that the given user holds in the context of the given project and experiment.
func (RoleBinding) MarshalYAML ¶
func (m RoleBinding) MarshalYAML() (interface{}, error)
func (*RoleBinding) UnmarshalYAML ¶
func (m *RoleBinding) UnmarshalYAML(unmarshal func(interface{}) error) error
type Scope ¶
// Scope names the kind of object an authorization decision applies to. It is
// a string type; the values this package declares are collected in Scopes.
// AuthorizeCreate takes a Scope in place of an object.
type Scope string
// The Scope values declared by this package. Each constant's value is the
// string on the right-hand side, which differs in case from the identifier for
// XDCScope ("Xdc").
// NOTE(review): if scope names are matched as strings when a policy is
// loaded, the comparison is presumably case-sensitive - confirm.
const (
	PortalScope          Scope = "Portal"
	OrganizationScope    Scope = "Organization"
	ProjectScope         Scope = "Project"
	ExperimentScope      Scope = "Experiment"
	UserScope            Scope = "User"
	RealizationScope     Scope = "Realization"
	MaterializationScope Scope = "Materialization"
	FacilityScope        Scope = "Facility"
	PoolScope            Scope = "Pool"
	XDCScope             Scope = "Xdc"
	// NOTE(review): presumably a wildcard that matches every other scope; if
	// so, a binding that uses it grants across all object kinds - confirm how
	// Satisfies treats it.
	AnyScope Scope = "Any"
)
type UserObject ¶
func (UserObject) UserRoles ¶
func (o UserObject) UserRoles(requestor *portal.User) ([]RoleBinding, error)
type UserPolicy ¶
// UserPolicy holds the role bindings for activating and initialising a user,
// together with a per-Mode CRUD policy.
// NOTE(review): Policy.User is typed map[Mode]CrudOperationPolicy rather than
// UserPolicy in this listing - confirm whether this type is still enforced.
type UserPolicy struct {
	Activate []RoleBinding
	Init     []RoleBinding
	// The inline tag places the embedded map's keys at the same YAML level as
	// Activate and Init instead of under a nested key.
	CrudMap `yaml:",inline"`
}
type XDCObject ¶
// XDCObject wraps a *portal.XDCStorage.
// NOTE(review): unlike the other object wrappers, no UserRoles method for
// XDCObject appears in this listing - confirm how XDC operations obtain the
// caller's roles.
type XDCObject struct {
	*portal.XDCStorage
}
type XdcOperationsPolicy ¶
// XdcOperationsPolicy holds one list of role bindings per XDC operation:
// Spawn, Destroy, Attach and Detach. Policy uses it as the per-Mode policy for
// XDCs. The package index lists SpawnXDC, DestroyXDC, AttachXDC and DetachXDC,
// which presumably consult the matching list - confirm.
type XdcOperationsPolicy struct {
	Spawn   []RoleBinding
	Destroy []RoleBinding
	Attach  []RoleBinding
	Detach  []RoleBinding
}