acls

package
v0.0.0-...-7bf56e6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 3, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package acls enforces CV ACLs.

Index

Constants

View Source
const V0APIAllowGroup = "service-luci-change-verifier-v0-api-users"

V0APIAllowGroup is a CRIA group with users that may make requests to v0 API.

Variables

This section is empty.

Functions

func CheckProjectAccess

func CheckProjectAccess(ctx context.Context, project string) (bool, error)

CheckProjectAccess checks if the calling user has access to the LUCI project.

Returns true if project exists and is active and user has access to this LUCI project, false otherwise.

func IsMember

func IsMember(ctx context.Context, gf gerrit.Factory, gerritHost string, luciProject string, id identity.Identity, groups []string) (bool, error)

IsMember checks whether the given identity is a member of any given groups.

If the LUCI project is configured to honor Gerrit linked accounts, in addition to checking whether the given identity belongs to the group, this function will also return true if any of the linked accounts in the provided gerrit host is a member of provided groups.

func NewRunReadChecker

func NewRunReadChecker() run.LoadRunChecker

NewRunReadChecker returns a LoadRunChecker that checks read access for the Run to be loaded.

If current identity lacks read access, ensures an appropriate appstatus package error is returned.

Example:

r, err := run.LoadRuns(ctx, id, acls.NewRunReadChecker())

Types

type CheckResult

type CheckResult map[*changelist.CL]string

CheckResult tells the result of an ACL check performed.

func CheckRunCreate

func CheckRunCreate(ctx context.Context, gf gerrit.Factory, cg *prjcfg.ConfigGroup, trs []*run.Trigger, cls []*changelist.CL) (CheckResult, error)

CheckRunCreate verifies that the user(s) who triggered Run are authorized to create the Run for the CLs.

func (CheckResult) Failure

func (res CheckResult) Failure(cl *changelist.CL) string

Failure returns a failure message for a given RunCL.

Returns an empty string, if the result was ok.

func (CheckResult) FailuresSummary

func (res CheckResult) FailuresSummary() string

FailuresSummary returns a summary of all the failures reported.

Returns an empty string, if the result was ok.

func (CheckResult) Has

func (res CheckResult) Has(cl *changelist.CL) bool

Has tells whether CheckResult contains the provided CL.

func (CheckResult) OK

func (res CheckResult) OK() bool

OK returns true if the result indicates no failures. False, otherwise.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL