Documentation
¶
Overview ¶
Package permissions contains functions for working with permissionsDB, used when generating internal realms representation for authDB.
Index ¶
- Variables
- type PermissionsDB
- type PermissionsList
- func (*PermissionsList) Descriptor() ([]byte, []int)deprecated
- func (x *PermissionsList) GetPermissions() []*protocol.Permission
- func (*PermissionsList) ProtoMessage()
- func (x *PermissionsList) ProtoReflect() protoreflect.Message
- func (x *PermissionsList) Reset()
- func (x *PermissionsList) String() string
- type Role
Constants ¶
This section is empty.
Variables ¶
var File_go_chromium_org_luci_auth_service_internal_permissions_proto_permissions_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type PermissionsDB ¶
type PermissionsDB struct {
// Rev is the revision of this permissionDB
Rev string
// Permissions is a map of Permissions str -> *protocol.Permission
Permissions map[string]*protocol.Permission
// Roles is a mapping of RoleName to Role.
Roles map[string]*Role
// func(projID) -> []*realmsconf.Binding
ImplicitRootBindings func(string) []*realmsconf.Binding
// contains filtered or unexported fields
}
PermissionsDB is a representation of all defined roles, permissions and implicit bindings.
This will be generated from permissions.cfg, once constructed this must be treated as immutable.
Revision property follows the rule that if two DB's have the same revision than they are identical, but if they don't have the same revision it does not necessarily mean they are not identical.
func NewPermissionsDB ¶
func NewPermissionsDB(permissionscfg *configspb.PermissionsConfig, meta *config.Meta) *PermissionsDB
NewPermissionsDB constructs a new instance of PermissionsDB from a given permissions.cfg.
func (*PermissionsDB) HasAttribute ¶
func (db *PermissionsDB) HasAttribute(attr string) bool
type PermissionsList ¶
type PermissionsList struct {
// List of all possible permissions in alphabetical order.
//
// Acts as a universal set of permissions in Binding messages.
//
// Services may also use this field to check that permissions they are about
// to use are actually known to the LUCI auth system. This is useful for
// debugging when adding or removing permissions.
//
// See Permission message for more details.
Permissions []*protocol.Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
// contains filtered or unexported fields
}
PermissionsList is an internal protobuf which is just a wrapper for a repeated permissions value. The reason why this is necessary is because this field is stored on it's own in datastore. The luci-go datastore library does not support slices of *protobuf.Msg, the workaround is to declare repeated in the protobuf and just store the *protobuf.Msg.
This is a property value for the AuthRealmsGlobals entity defined in impl/model.go.
func (*PermissionsList) Descriptor
deprecated
func (*PermissionsList) Descriptor() ([]byte, []int)
Deprecated: Use PermissionsList.ProtoReflect.Descriptor instead.
func (*PermissionsList) GetPermissions ¶
func (x *PermissionsList) GetPermissions() []*protocol.Permission
func (*PermissionsList) ProtoMessage ¶
func (*PermissionsList) ProtoMessage()
func (*PermissionsList) ProtoReflect ¶
func (x *PermissionsList) ProtoReflect() protoreflect.Message
func (*PermissionsList) Reset ¶
func (x *PermissionsList) Reset()
func (*PermissionsList) String ¶
func (x *PermissionsList) String() string
Source Files
Directories