acls

package

v0.0.0-...-9eda336 Latest Latest Go to latest Published: Nov 22, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

chromium.googlesource.com/infra/luci/luci-go

Documentation ¶

Overview ¶

Package acls enforces CV ACLs.

Index ¶

Constants
func CheckProjectAccess(ctx context.Context, project string) (bool, error)
func IsMember(ctx context.Context, gf gerrit.Factory, gerritHost string, luciProject string, ...) (bool, error)
func NewRunReadChecker() run.LoadRunChecker
type CheckResult
- func CheckRunCreate(ctx context.Context, gf gerrit.Factory, cg *prjcfg.ConfigGroup, ...) (CheckResult, error)

Constants ¶

View Source

const V0APIAllowGroup = "service-luci-change-verifier-v0-api-users"

V0APIAllowGroup is a CRIA group with users that may make requests to v0 API.

Variables ¶

This section is empty.

Functions ¶

func CheckProjectAccess ¶

func CheckProjectAccess(ctx context.Context, project string) (bool, error)

CheckProjectAccess checks if the calling user has access to the LUCI project.

Returns true if project exists and is active and user has access to this LUCI project, false otherwise.

func IsMember ¶

func IsMember(ctx context.Context, gf gerrit.Factory, gerritHost string, luciProject string, id identity.Identity, groups []string) (bool, error)

IsMember checks whether the given identity is a member of any given groups.

If the LUCI project is configured to honor Gerrit linked accounts, in addition to checking whether the given identity belongs to the group, this function will also return true if any of the linked accounts in the provided gerrit host is a member of provided groups.

func NewRunReadChecker ¶

func NewRunReadChecker() run.LoadRunChecker

NewRunReadChecker returns a LoadRunChecker that checks read access for the Run to be loaded.

If current identity lacks read access, ensures an appropriate appstatus package error is returned.

Example:

r, err := run.LoadRuns(ctx, id, acls.NewRunReadChecker())

Types ¶

type CheckResult ¶

type CheckResult map[*changelist.CL]string

CheckResult tells the result of an ACL check performed.

func CheckRunCreate ¶

func CheckRunCreate(ctx context.Context, gf gerrit.Factory, cg *prjcfg.ConfigGroup, trs []*run.Trigger, cls []*changelist.CL) (CheckResult, error)

CheckRunCreate verifies that the user(s) who triggered Run are authorized to create the Run for the CLs.

func (CheckResult) Failure ¶

func (res CheckResult) Failure(cl *changelist.CL) string

Failure returns a failure message for a given RunCL.

Returns an empty string, if the result was ok.

func (CheckResult) FailuresSummary ¶

func (res CheckResult) FailuresSummary() string

FailuresSummary returns a summary of all the failures reported.

Returns an empty string, if the result was ok.

func (CheckResult) Has ¶

func (res CheckResult) Has(cl *changelist.CL) bool

Has tells whether CheckResult contains the provided CL.

func (CheckResult) OK ¶

func (res CheckResult) OK() bool

OK returns true if the result indicates no failures. False, otherwise.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL