Documentation ¶
Index ¶
- Constants
- Variables
- func AppendDefaultPolicies(policies []rbacutils.SRbacPolicy)
- func EnableGlobalRbac(refreshInterval time.Duration, debug bool, workerCount int)
- func ExplainRpc(ctx context.Context, userCred mcclient.TokenCredential, ...) (jsonutils.JSONObject, error)
- func FetchUserCredential(ctx context.Context) mcclient.TokenCredential
- func FilterPolicyCredential(token mcclient.TokenCredential) mcclient.TokenCredential
- func GetResources() map[string]map[string][]string
- func GetSystemResources() map[string][]string
- func RegisterDomainResources(service string, resources []string)
- func RegisterSystemResources(service string, resources []string)
- func RegisterUserResources(service string, resources []string)
- type PolicyFetchFunc
- type SPolicyManager
- func (manager *SPolicyManager) Allow(targetScope rbacutils.TRbacScope, userCred mcclient.TokenCredential, ...) rbacutils.SPolicyResult
- func (manager *SPolicyManager) AllowScope(userCred mcclient.TokenCredential, service string, resource string, ...) (rbacutils.TRbacScope, rbacutils.SPolicyResult)
- func (manager *SPolicyManager) IsScopeCapable(userCred mcclient.TokenCredential, scope rbacutils.TRbacScope) bool
- type SPolicyTokenCredential
Constants ¶
View Source
const ( PolicyDelegation = "delegate" PolicyActionList = rbacutils.ActionList PolicyActionGet = rbacutils.ActionGet PolicyActionUpdate = rbacutils.ActionUpdate PolicyActionPatch = rbacutils.ActionPatch PolicyActionCreate = rbacutils.ActionCreate PolicyActionDelete = rbacutils.ActionDelete PolicyActionPerform = rbacutils.ActionPerform )
Variables ¶
View Source
var ( PolicyManager *SPolicyManager DefaultPolicyFetcher PolicyFetchFunc )
Functions ¶
func AppendDefaultPolicies ¶
func AppendDefaultPolicies(policies []rbacutils.SRbacPolicy)
func EnableGlobalRbac ¶
func ExplainRpc ¶
func ExplainRpc(ctx context.Context, userCred mcclient.TokenCredential, params jsonutils.JSONObject, name string) (jsonutils.JSONObject, error)
func FetchUserCredential ¶
func FetchUserCredential(ctx context.Context) mcclient.TokenCredential
func FilterPolicyCredential ¶
func FilterPolicyCredential(token mcclient.TokenCredential) mcclient.TokenCredential
func GetResources ¶
func GetSystemResources ¶
func RegisterDomainResources ¶
func RegisterSystemResources ¶
func RegisterUserResources ¶
Types ¶
type PolicyFetchFunc ¶
type PolicyFetchFunc func(ctx context.Context, token mcclient.TokenCredential) (*mcclient.SFetchMatchPoliciesOutput, error)
type SPolicyManager ¶
type SPolicyManager struct {
// contains filtered or unexported fields
}
func (*SPolicyManager) Allow ¶
func (manager *SPolicyManager) Allow(targetScope rbacutils.TRbacScope, userCred mcclient.TokenCredential, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult
func (*SPolicyManager) AllowScope ¶
func (manager *SPolicyManager) AllowScope(userCred mcclient.TokenCredential, service string, resource string, action string, extra ...string) (rbacutils.TRbacScope, rbacutils.SPolicyResult)
func (*SPolicyManager) IsScopeCapable ¶
func (manager *SPolicyManager) IsScopeCapable(userCred mcclient.TokenCredential, scope rbacutils.TRbacScope) bool
type SPolicyTokenCredential ¶
type SPolicyTokenCredential struct { // usage embedded interface mcclient.TokenCredential }
func (*SPolicyTokenCredential) HasSystemAdminPrivilege ¶
func (self *SPolicyTokenCredential) HasSystemAdminPrivilege() bool
func (*SPolicyTokenCredential) IsAllow ¶
func (self *SPolicyTokenCredential) IsAllow(targetScope rbacutils.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult
Click to show internal directories.
Click to hide internal directories.