aclmodels

package

v0.1.6 Latest Latest Go to latest Published: May 14, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/NorskHelsenett/ror

Links

Open Source Insights

Documentation ¶

Overview ¶

aclmodels contains models for acl v1 and v2

Index ¶

Constants
Variables
type Acl2Scope
- func GetScopes() []Acl2Scope
- func (s Acl2Scope) GetSubjects(ctx context.Context) []Acl2Subject
- func (s Acl2Scope) IsValid() bool
type Acl2Subject
- func (s Acl2Subject) HasValidScope(scope Acl2Scope) bool
type AclV1DBResult
type AclV1ListItem
type AclV1QueryUserCluster
type AclV2ListItem
type AclV2ListItemAccess
type AclV2ListItemKubernetes
type AclV2ListItems
type AclV2QueryAccessScope
type AclV2QueryAccessScopeSubject
- func NewAclV2QueryAccessScopeSubject(scope any, subject any) AclV2QueryAccessScopeSubject
- func (q AclV2QueryAccessScopeSubject) IsValid() bool

Constants ¶

View Source

const (
	Acl2RorSubjectCluster    = "cluster"
	Acl2RorSubjectProject    = "project"
	Acl2RorSubjectGlobal     = "globalscope" // for subject, not scope, TODO: new const
	Acl2RorSubjectAcl        = "acl"         // for subject, not scope, TODO: new const
	Acl2RorSubjectApiKey     = "apikey"      //api key
	Acl2RorSubjectDatacenter = "datacenter"
	Acl2RorSubjectWorkspace  = "workspace"
	Acl2RorSubjectPrice      = "price"
)

Variables ¶

View Source

var (
	Acl2RorValidSubjects []Acl2Subject = []Acl2Subject{
		Acl2RorSubjectGlobal,
		Acl2RorSubjectCluster,
		Acl2RorSubjectProject,
		Acl2RorSubjectAcl,
		Acl2RorSubjectDatacenter,
		Acl2RorSubjectWorkspace,
		Acl2RorSubjectPrice,
	}
)

Functions ¶

This section is empty.

Types ¶

type Acl2Scope ¶

type Acl2Scope string

const (
	Acl2ScopeUnknown    Acl2Scope = ""    // unknown
	Acl2ScopeRor        Acl2Scope = "ror" // ROR
	Acl2ScopeCluster    Acl2Scope = "cluster"
	Acl2ScopeProject    Acl2Scope = "project"
	Acl2ScopeDatacenter Acl2Scope = "datacenter"
)

func GetScopes ¶

func GetScopes() []Acl2Scope

func (Acl2Scope) GetSubjects ¶

func (s Acl2Scope) GetSubjects(ctx context.Context) []Acl2Subject

TODO: implement

func (Acl2Scope) IsValid ¶

func (s Acl2Scope) IsValid() bool

IsValid validates the scope

type Acl2Subject ¶

type Acl2Subject string

func (Acl2Subject) HasValidScope ¶

func (s Acl2Subject) HasValidScope(scope Acl2Scope) bool

TODO: implement

type AclV1DBResult ¶

type AclV1DBResult struct {
	ClusterId string `bson:"clusterid"`
}

Used to verify access using the v1 acl model

type AclV1ListItem ¶

type AclV1ListItem struct {
	Cluster string `bson:"cluster"`
	Group   string `bson:"group"`
}

Full acl v1 model

type AclV1QueryUserCluster ¶

type AclV1QueryUserCluster struct {
	User      identitymodels.User
	ClusterId string
}

Used to query the v1 acl model

type AclV2ListItem ¶

type AclV2ListItem struct {
	Id         string                  `json:"id" bson:"_id,omitempty"`                   // Id
	Version    int                     `json:"version" default:"2" validate:"eq=2" `      // Acl Version, must be 2
	Group      string                  `json:"group" validate:"required,min=1,rortext" `  // The group wich the acces is granted
	Scope      Acl2Scope               `json:"scope" validate:"required,min=1,rortext"`   // Type of object ['cluster','project']
	Subject    Acl2Subject             `json:"subject" validate:"required,min=1,rortext"` // The subject eg. clusterid, projectid (can be 'All')
	Access     AclV2ListItemAccess     `json:"access" validate:"required"`                // v2 access model for ror api
	Kubernetes AclV2ListItemKubernetes `json:"kubernetes" validate:""`                    // v2 access model for kubernetes
	Created    time.Time               `json:"created,omitempty"`
	IssuedBy   string                  `json:"issuedBy,omitempty" validate:"email"`
}

Full acl v2 model

type AclV2ListItemAccess ¶

type AclV2ListItemAccess struct {
	Read   bool `json:"read" validate:"boolean"`   // Read metadata of subject
	Create bool `json:"create" validate:"boolean"` // Write metadata of subject
	Update bool `json:"update" validate:"boolean"` // Update metadata of subject
	Delete bool `json:"delete" validate:"boolean"` // Delete metadata of subject
	Owner  bool `json:"owner" validate:"boolean"`  // Delete metadata of subject
}

v2 access model for ror api

type AclV2ListItemKubernetes ¶

type AclV2ListItemKubernetes struct {
	Logon bool `json:"logon,omitempty" validate:"boolean"` // Logon to subject if 'cluster'
}

v2 access model for kubernetes

type AclV2ListItems ¶

type AclV2ListItems struct {
	Scope   Acl2Scope           // Type of object ['cluster','project']
	Subject Acl2Subject         // The subject eg. clusterid, projectid (can be 'All')
	Global  AclV2ListItemAccess //If global access granted
	Items   []AclV2ListItem     // v2 access model for ror api
}

type AclV2QueryAccessScope ¶

type AclV2QueryAccessScope struct {
	Scope Acl2Scope
}

type AclV2QueryAccessScopeSubject ¶

type AclV2QueryAccessScopeSubject struct {
	Scope   Acl2Scope
	Subject Acl2Subject
}

v2 querymodel for access

func NewAclV2QueryAccessScopeSubject ¶

func NewAclV2QueryAccessScopeSubject(scope any, subject any) AclV2QueryAccessScopeSubject

func (AclV2QueryAccessScopeSubject) IsValid ¶

func (q AclV2QueryAccessScopeSubject) IsValid() bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL