policy

package
v0.3.9-2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 25, 2022 License: Apache-2.0 Imports: 22 Imported by: 39

Documentation

Index

Constants

View Source
const (
	PolicyDelegation = "delegate"

	PolicyActionList    = rbacutils.ActionList
	PolicyActionGet     = rbacutils.ActionGet
	PolicyActionUpdate  = rbacutils.ActionUpdate
	PolicyActionPatch   = rbacutils.ActionPatch
	PolicyActionCreate  = rbacutils.ActionCreate
	PolicyActionDelete  = rbacutils.ActionDelete
	PolicyActionPerform = rbacutils.ActionPerform
)

Variables

View Source
var (
	PolicyManager        *SPolicyManager
	DefaultPolicyFetcher PolicyFetchFunc
)

Functions

func AppendDefaultPolicies

func AppendDefaultPolicies(policies []rbacutils.SRbacPolicy)

func EnableGlobalRbac

func EnableGlobalRbac(refreshInterval time.Duration, debug bool)

func ExplainRpc

func ExplainRpc(ctx context.Context, userCred mcclient.TokenCredential, params jsonutils.JSONObject, name string) (jsonutils.JSONObject, error)

func FetchUserCredential

func FetchUserCredential(ctx context.Context) mcclient.TokenCredential

func FilterPolicyCredential

func FilterPolicyCredential(token mcclient.TokenCredential) mcclient.TokenCredential

func GetResources

func GetResources() map[string]map[string][]string

func GetSystemResources

func GetSystemResources() map[string][]string

func RegisterDomainResources

func RegisterDomainResources(service string, resources []string)

func RegisterSystemResources

func RegisterSystemResources(service string, resources []string)

func RegisterUserResources

func RegisterUserResources(service string, resources []string)

Types

type SPolicyManager

type SPolicyManager struct {
	// contains filtered or unexported fields
}

func (*SPolicyManager) Allow

func (manager *SPolicyManager) Allow(targetScope rbacutils.TRbacScope, userCred mcclient.TokenCredential, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

func (*SPolicyManager) AllowScope

func (manager *SPolicyManager) AllowScope(userCred mcclient.TokenCredential, service string, resource string, action string, extra ...string) (rbacutils.TRbacScope, rbacutils.SPolicyResult)

func (*SPolicyManager) IsScopeCapable

func (manager *SPolicyManager) IsScopeCapable(userCred mcclient.TokenCredential, scope rbacutils.TRbacScope) bool

type SPolicyTokenCredential

type SPolicyTokenCredential struct {
	// usage embedded interface
	mcclient.TokenCredential
}

func (*SPolicyTokenCredential) HasSystemAdminPrivilege

func (self *SPolicyTokenCredential) HasSystemAdminPrivilege() bool

func (*SPolicyTokenCredential) IsAllow

func (self *SPolicyTokenCredential) IsAllow(targetScope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL