Documentation ¶
Index ¶
- func DecorateCustomTemplates(templates []portainer.CustomTemplate, ...) []portainer.CustomTemplate
- func DecorateStacks(stacks []portainer.Stack, resourceControls []portainer.ResourceControl) []portainer.Stack
- func DefaultEndpointAuthorizationsForEndpointAdministratorRole() portainer.Authorizations
- func DefaultEndpointAuthorizationsForHelpDeskRole(volumeBrowsingAuthorizations bool) portainer.Authorizations
- func DefaultEndpointAuthorizationsForReadOnlyUserRole(volumeBrowsingAuthorizations bool) portainer.Authorizations
- func DefaultEndpointAuthorizationsForStandardUserRole(volumeBrowsingAuthorizations bool) portainer.Authorizations
- func DefaultPortainerAuthorizations() portainer.Authorizations
- func FilterAuthorizedCustomTemplates(customTemplates []portainer.CustomTemplate, user *portainer.User, ...) []portainer.CustomTemplate
- func FilterAuthorizedStacks(stacks []portainer.Stack, user *portainer.User, userTeamIDs []portainer.TeamID) []portainer.Stack
- func GetResourceControlByResourceIDAndType(resourceID string, resourceType portainer.ResourceControlType, ...) *portainer.ResourceControl
- func NewAdministratorsOnlyResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl
- func NewPrivateResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType, ...) *portainer.ResourceControl
- func NewPublicResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl
- func NewRestrictedResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType, ...) *portainer.ResourceControl
- func NewSystemResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl
- func UserCanAccessResource(userID portainer.UserID, userTeamIDs []portainer.TeamID, ...) bool
- type Service
- func (service *Service) CleanNAPWithOverridePolicies(endpoint *portainer.Endpoint, endpointGroup *portainer.EndpointGroup) error
- func (service *Service) UpdateUsersAuthorizations() error
- func (service *Service) UserIsAdminOrAuthorized(userID portainer.UserID, endpointID portainer.EndpointID, ...) (bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecorateCustomTemplates ¶
func DecorateCustomTemplates(templates []portainer.CustomTemplate, resourceControls []portainer.ResourceControl) []portainer.CustomTemplate
DecorateCustomTemplates will iterate through a list of custom templates, check for an associated resource control for each template and decorate the template element if a resource control is found.
func DecorateStacks ¶
func DecorateStacks(stacks []portainer.Stack, resourceControls []portainer.ResourceControl) []portainer.Stack
DecorateStacks will iterate through a list of stacks, check for an associated resource control for each stack and decorate the stack element if a resource control is found.
func DefaultEndpointAuthorizationsForEndpointAdministratorRole ¶
func DefaultEndpointAuthorizationsForEndpointAdministratorRole() portainer.Authorizations
DefaultEndpointAuthorizationsForEndpointAdministratorRole returns the default environment (endpoint) authorizations associated with the environment (endpoint) administrator role.
func DefaultEndpointAuthorizationsForHelpDeskRole ¶
func DefaultEndpointAuthorizationsForHelpDeskRole(volumeBrowsingAuthorizations bool) portainer.Authorizations
DefaultEndpointAuthorizationsForHelpDeskRole returns the default environment (endpoint) authorizations associated with the helpdesk role.
func DefaultEndpointAuthorizationsForReadOnlyUserRole ¶
func DefaultEndpointAuthorizationsForReadOnlyUserRole(volumeBrowsingAuthorizations bool) portainer.Authorizations
DefaultEndpointAuthorizationsForReadOnlyUserRole returns the default environment (endpoint) authorizations associated with the read-only user role.
func DefaultEndpointAuthorizationsForStandardUserRole ¶
func DefaultEndpointAuthorizationsForStandardUserRole(volumeBrowsingAuthorizations bool) portainer.Authorizations
DefaultEndpointAuthorizationsForStandardUserRole returns the default environment (endpoint) authorizations associated with the standard user role.
func DefaultPortainerAuthorizations ¶
func DefaultPortainerAuthorizations() portainer.Authorizations
DefaultPortainerAuthorizations returns the default Portainer authorizations used by non-admin users.
func FilterAuthorizedCustomTemplates ¶
func FilterAuthorizedCustomTemplates(customTemplates []portainer.CustomTemplate, user *portainer.User, userTeamIDs []portainer.TeamID) []portainer.CustomTemplate
FilterAuthorizedCustomTemplates returns a list of decorated custom templates filtered through resource control access checks.
func FilterAuthorizedStacks ¶
func FilterAuthorizedStacks(stacks []portainer.Stack, user *portainer.User, userTeamIDs []portainer.TeamID) []portainer.Stack
FilterAuthorizedStacks returns a list of decorated stacks filtered through resource control access checks.
func GetResourceControlByResourceIDAndType ¶
func GetResourceControlByResourceIDAndType(resourceID string, resourceType portainer.ResourceControlType, resourceControls []portainer.ResourceControl) *portainer.ResourceControl
GetResourceControlByResourceIDAndType retrieves the first matching resource control in a set of resource controls based on the specified id and resource type parameters.
func NewAdministratorsOnlyResourceControl ¶
func NewAdministratorsOnlyResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl
NewAdministratorsOnlyResourceControl will create a new administrators only resource control associated to the resource specified by the identifier and type parameters.
func NewPrivateResourceControl ¶
func NewPrivateResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType, userID portainer.UserID) *portainer.ResourceControl
NewPrivateResourceControl will create a new private resource control associated to the resource specified by the identifier and type parameters. It automatically assigns it to the user specified by the userID parameter.
func NewPublicResourceControl ¶
func NewPublicResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl
NewPublicResourceControl will create a new public resource control.
func NewRestrictedResourceControl ¶
func NewRestrictedResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType, userIDs []portainer.UserID, teamIDs []portainer.TeamID) *portainer.ResourceControl
NewRestrictedResourceControl will create a new resource control with user and team access restrictions.
func NewSystemResourceControl ¶
func NewSystemResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType) *portainer.ResourceControl
NewSystemResourceControl will create a new public resource control with the System flag set to true. This kind of resource control is not persisted; it is created on the fly by the Portainer API.
func UserCanAccessResource ¶
func UserCanAccessResource(userID portainer.UserID, userTeamIDs []portainer.TeamID, resourceControl *portainer.ResourceControl) bool
UserCanAccessResource will validate that a user has the permissions defined in the specified resource control, based on the user's identifier and the team(s) the user is part of.
Types ¶
type Service ¶
type Service struct { K8sClientFactory *cli.ClientFactory // contains filtered or unexported fields }
Service represents a service used to update authorizations associated to a user or team.
func NewService ¶
func NewService(dataStore dataservices.DataStore) *Service
NewService returns a pointer to a new Service instance.
func (*Service) CleanNAPWithOverridePolicies ¶
func (service *Service) CleanNAPWithOverridePolicies( endpoint *portainer.Endpoint, endpointGroup *portainer.EndpointGroup, ) error
CleanNAPWithOverridePolicies cleans Namespace Access Policies (NAP) with override policies.
func (*Service) UpdateUsersAuthorizations ¶
UpdateUsersAuthorizations will trigger an update of the authorizations for all the users.
func (*Service) UserIsAdminOrAuthorized ¶
func (service *Service) UserIsAdminOrAuthorized(userID portainer.UserID, endpointID portainer.EndpointID, authorizations []portainer.Authorization) (bool, error)