authorization

package
v0.0.0-...-270f78c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 31, 2023 License: Zlib Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecorateCustomTemplates 

func DecorateCustomTemplates(templates []portainer.CustomTemplate, resourceControls []portainer.ResourceControl) []portainer.CustomTemplate

DecorateCustomTemplates will iterate through a list of custom templates, check for an associated resource control for each template and decorate the template element if a resource control is found.

func DecorateStacks 

func DecorateStacks(stacks []portainer.Stack, resourceControls []portainer.ResourceControl) []portainer.Stack

DecorateStacks will iterate through a list of stacks, check for an associated resource control for each stack and decorate the stack element if a resource control is found.

func DefaultEndpointAuthorizationsForEndpointAdministratorRole 

func DefaultEndpointAuthorizationsForEndpointAdministratorRole() portainer.Authorizations

DefaultEndpointAuthorizationsForEndpointAdministratorRole returns the default environment(endpoint) authorizations associated to the environment(endpoint) administrator role.

func DefaultEndpointAuthorizationsForHelpDeskRole 

func DefaultEndpointAuthorizationsForHelpDeskRole(volumeBrowsingAuthorizations bool) portainer.Authorizations

DefaultEndpointAuthorizationsForHelpDeskRole returns the default environment(endpoint) authorizations associated to the helpdesk role.

func DefaultEndpointAuthorizationsForReadOnlyUserRole 

func DefaultEndpointAuthorizationsForReadOnlyUserRole(volumeBrowsingAuthorizations bool) portainer.Authorizations

DefaultEndpointAuthorizationsForReadOnlyUserRole returns the default environment(endpoint) authorizations associated to the readonly user role.

func DefaultEndpointAuthorizationsForStandardUserRole 

func DefaultEndpointAuthorizationsForStandardUserRole(volumeBrowsingAuthorizations bool) portainer.Authorizations

DefaultEndpointAuthorizationsForStandardUserRole returns the default environment(endpoint) authorizations associated to the standard user role.

func DefaultPortainerAuthorizations 

func DefaultPortainerAuthorizations() portainer.Authorizations

DefaultPortainerAuthorizations returns the default Portainer authorizations used by non-admin users.

func FilterAuthorizedCustomTemplates 

func FilterAuthorizedCustomTemplates(customTemplates []portainer.CustomTemplate, user *portainer.User, userTeamIDs []portainer.TeamID) []portainer.CustomTemplate

FilterAuthorizedCustomTemplates returns a list of decorated custom templates filtered through resource control access checks.

func FilterAuthorizedStacks 

func FilterAuthorizedStacks(stacks []portainer.Stack, user *portainer.User, userTeamIDs []portainer.TeamID) []portainer.Stack

FilterAuthorizedStacks returns a list of decorated stacks filtered through resource control access checks.

func GetResourceControlByResourceIDAndType 

func GetResourceControlByResourceIDAndType(resourceID string, resourceType portainer.ResourceControlType, resourceControls []portainer.ResourceControl) *portainer.ResourceControl

GetResourceControlByResourceIDAndType retrieves the first matching resource control in a set of resource controls based on the specified id and resource type parameters.

func NewAdministratorsOnlyResourceControl 

func NewAdministratorsOnlyResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl

NewAdministratorsOnlyResourceControl will create a new administrators only resource control associated to the resource specified by the identifier and type parameters.

func NewPrivateResourceControl 

func NewPrivateResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType, userID portainer.UserID) *portainer.ResourceControl

NewPrivateResourceControl will create a new private resource control associated to the resource specified by the identifier and type parameters. It automatically assigns it to the user specified by the userID parameter.

func NewPublicResourceControl 

func NewPublicResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl

NewPublicResourceControl will create a new public resource control.

func NewRestrictedResourceControl 

func NewRestrictedResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType, userIDs []portainer.UserID, teamIDs []portainer.TeamID) *portainer.ResourceControl

NewRestrictedResourceControl will create a new resource control with user and team accesses restrictions.

func NewSystemResourceControl 

func NewSystemResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl

NewSystemResourceControl will create a new public resource control with the System flag set to true. These kind of resource control are not persisted and are created on the fly by the Portainer API.

func UserCanAccessResource 

func UserCanAccessResource(userID portainer.UserID, userTeamIDs []portainer.TeamID, resourceControl *portainer.ResourceControl) bool

UserCanAccessResource will valid that a user has permissions defined in the specified resource control based on its identifier and the team(s) he is part of.

Types

type Service 

type Service struct {
	K8sClientFactory *cli.ClientFactory
	// contains filtered or unexported fields
}

Service represents a service used to update authorizations associated to a user or team.

func NewService 

func NewService(dataStore dataservices.DataStore) *Service

NewService returns a point to a new Service instance.

func (*Service) CleanNAPWithOverridePolicies 

func (service *Service) CleanNAPWithOverridePolicies(
	endpoint *portainer.Endpoint,
	endpointGroup *portainer.EndpointGroup,
) error

CleanNAPWithOverridePolicies Clean Namespace Access Policies with override policies

func (*Service) UpdateUsersAuthorizations 

func (service *Service) UpdateUsersAuthorizations() error

UpdateUsersAuthorizations will trigger an update of the authorizations for all the users.

func (*Service) UserIsAdminOrAuthorized 

func (service *Service) UserIsAdminOrAuthorized(userID portainer.UserID, endpointID portainer.EndpointID, authorizations []portainer.Authorization) (bool, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.