permissions

package
v0.0.0-...-16534be Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 16, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package permissions contains functions for working with permissionsDB, used when generating internal realms representation for authDB.

Index

Constants

This section is empty.

Variables

View Source
var File_go_chromium_org_luci_auth_service_internal_permissions_proto_permissions_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type PermissionsDB

type PermissionsDB struct {
	// Rev is the revision of this permissionDB
	Rev string

	// Permissions is a map of Permissions str -> *protocol.Permission
	Permissions map[string]*protocol.Permission

	// Roles is a mapping of RoleName to Role.
	Roles map[string]*Role

	// func(projID) -> []*realmsconf.Binding
	ImplicitRootBindings func(string) []*realmsconf.Binding
	// contains filtered or unexported fields
}

PermissionsDB is a representation of all defined roles, permissions and implicit bindings.

This will be generated from permissions.cfg, once constructed this must be treated as immutable.

Revision property follows the rule that if two DB's have the same revision than they are identical, but if they don't have the same revision it does not necessarily mean they are not identical.

func NewPermissionsDB

func NewPermissionsDB(permissionscfg *configspb.PermissionsConfig, meta *config.Meta) *PermissionsDB

NewPermissionsDB constructs a new instance of PermissionsDB from a given permissions.cfg.

func (*PermissionsDB) HasAttribute

func (db *PermissionsDB) HasAttribute(attr string) bool

type PermissionsList

type PermissionsList struct {

	// List of all possible permissions in alphabetical order.
	//
	// Acts as a universal set of permissions in Binding messages.
	//
	// Services may also use this field to check that permissions they are about
	// to use are actually known to the LUCI auth system. This is useful for
	// debugging when adding or removing permissions.
	//
	// See Permission message for more details.
	Permissions []*protocol.Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
	// contains filtered or unexported fields
}

PermissionsList is an internal protobuf which is just a wrapper for a repeated permissions value. The reason why this is necessary is because this field is stored on it's own in datastore. The luci-go datastore library does not support slices of *protobuf.Msg, the workaround is to declare repeated in the protobuf and just store the *protobuf.Msg.

This is a property value for the AuthRealmsGlobals entity defined in impl/model.go.

func (*PermissionsList) Descriptor deprecated

func (*PermissionsList) Descriptor() ([]byte, []int)

Deprecated: Use PermissionsList.ProtoReflect.Descriptor instead.

func (*PermissionsList) GetPermissions

func (x *PermissionsList) GetPermissions() []*protocol.Permission

func (*PermissionsList) ProtoMessage

func (*PermissionsList) ProtoMessage()

func (*PermissionsList) ProtoReflect

func (x *PermissionsList) ProtoReflect() protoreflect.Message

func (*PermissionsList) Reset

func (x *PermissionsList) Reset()

func (*PermissionsList) String

func (x *PermissionsList) String() string

type Role

type Role struct {
	// Name is the full name for this role
	Name string

	// Permissions contains all the permission strings for this
	// role
	Permissions stringset.Set
}

Role represents a single role, containing the role name and the permissions associated with this role.

Directories

Path Synopsis
Package permissions contains the internal code for working with realms permissions.
Package permissions contains the internal code for working with realms permissions.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL