Documentation
Overview
Package authorization provides the APIs for all available authorization concepts.
Index
Constants
```go
const (
	// IdentityResourceTypeOrganization defines the string constant to be used for denoting an organization managed by the authorization framework
	IdentityResourceTypeOrganization = "identity/organization"
	// IdentityResourceTypeTeam defines the string constant to be used for denoting a team managed by the authorization framework
	IdentityResourceTypeTeam = "identity/team"
	// IdentityResourceTypeGroup defines the string constant to be used for denoting a group managed by the authorization framework
	IdentityResourceTypeGroup = "identity/group"
	// IdentityResourceTypeUser defines the string constant to be used for denoting a user managed by the authorization framework
	IdentityResourceTypeUser = "identity/user"

	// ResourceTypeSpace defines the string constant for the space resource type
	ResourceTypeSpace = "openshift.io/resource/space"
	// ResourceTypeSystem defines the string constant for the system resource type
	ResourceTypeSystem = "openshift.io/resource/system"

	// SystemUserAdminRole is the constant used to denote the name of the system resource's user administrator role
	SystemUserAdminRole = userAdminRole
	// SystemAdminConsoleUser is the constant used to denote the name of the role which allows a user access to the admin console
	SystemAdminConsoleUser = adminConsoleUserRole
	// AccessSystemScope is a general scope required to access a resource of type system
	AccessSystemScope = accessScope
	// ManageUserSystemScope is a general scope required to perform operations for managing users in a resource of type system
	ManageUserSystemScope = manageUserScope

	// OrganizationAdminRole is the constant used to denote the name of the organization resource's administrator role
	OrganizationAdminRole = adminRole
	// OrganizationContributorRole is the constant used to denote the name of the organization resource's contributor role
	OrganizationContributorRole = contributorRole

	// SpaceAdminRole is the constant used to denote the name of a space resource's administrator role
	SpaceAdminRole = adminRole
	// SpaceContributorRole is the constant used to denote the name of the space's contributor role
	SpaceContributorRole = contributorRole
	// SpaceViewerRole is the constant used to denote the name of the space's viewer role
	SpaceViewerRole = viewerRole

	// ViewSpaceScope is a general scope required to perform many space-related operations
	ViewSpaceScope = viewScope
	// ManageSpaceScope is a general scope required to perform operations for managing a space
	ManageSpaceScope = manageScope
	// ContributeSpaceScope is a general scope required to perform many space-related operations
	ContributeSpaceScope = contributeScope
	// ManageTeamsInSpaceScope is the scope required for users wishing to manage teams for a space
	ManageTeamsInSpaceScope = manageScope
	// ManageOrganizationMembersScope is the scope required for users wishing to manage members of an organization
	ManageOrganizationMembersScope = manageScope
	// ManageTeamMembersScope is the scope required for users wishing to manage members of a team
	ManageTeamMembersScope = manageScope
	// ManageSecurityGroupMembersScope is the scope required for users wishing to manage members of a security group
	ManageSecurityGroupMembersScope = manageScope
	// ViewTeamsInSpaceScope is the scope required for users wishing to view the teams in a space
	ViewTeamsInSpaceScope = ViewSpaceScope
	// ManageRoleAssignmentsInSpaceScope is the scope required for managing role assignments in a space
	ManageRoleAssignmentsInSpaceScope = manageScope
	// DeleteSpaceScope is the scope required for deleting a space. It's a space level scope.
	DeleteSpaceScope = ManageSpaceScope
	// ViewRoleAssignmentsInSpaceScope is the scope required for viewing role assignments in a space
	ViewRoleAssignmentsInSpaceScope = ViewSpaceScope
	// ViewOrganizationMembersScope is the scope required for viewing organization members
	ViewOrganizationMembersScope = viewOrganizationScope
	// ViewTeamMembersScope is the scope required for viewing team members
	ViewTeamMembersScope = viewTeamScope
	// ViewSecurityGroupMembersScope is the scope required for viewing security group members
	ViewSecurityGroupMembersScope = viewSecurityGroupScope
)
```
Variables
This section is empty.
Functions
func CanHaveMembers
CanHaveMembers returns a boolean indicating whether the specified resource type may have member Identities.
func ScopeForManagingRolesInResourceType
ScopeForManagingRolesInResourceType returns the name of the scope that gives a user privileges to manage roles in a resource.
func ScopeForViewingRolesInResourceType
ScopeForViewingRolesInResourceType returns the name of the scope that gives a user privileges to view roles in a resource.
Types
type IdentityAssociation
```go
type IdentityAssociation struct {
	ResourceID       string
	ResourceName     string
	ParentResourceID *string
	IdentityID       *uuid.UUID
	Member           bool
	Roles            []string
}
```
IdentityAssociation represents an association between an Identity and either another Identity or a Resource, whether by membership or by having been granted a role. It contains metadata about the Identity's relationship with the other entity, including its membership state, and any roles it may have been assigned.
func AppendAssociation
```go
func AppendAssociation(associations []IdentityAssociation, resourceID string, resourceName *string, parentResourceID *string, identityID *uuid.UUID, member bool, role *string) []IdentityAssociation
```
AppendAssociation appends the association state specified by the parameter values to an existing IdentityAssociation array
func MergeAssociations
```go
func MergeAssociations(associations []IdentityAssociation, merge []IdentityAssociation) []IdentityAssociation
```
MergeAssociations merges two arrays of IdentityAssociation objects into one
Directories
| Path | Synopsis |
|---|---|
| | Package group provides APIs for managing groups. |
| | The invitation package provides features relating to the creation and management of invitations; an offer to a user to join an organization, team or security group |
| service | Package service encapsulates the business logic for managing invitations |
| | Package organization provides the service, model and repository APIs for managing organizations. |
| service | Package service provides the code which encapsulates business logic for managing organizations |
| permission | |
| service | Package service encapsulates the business logic for managing and accessing permissions |
| | Package resource provides the service, model and repository APIs for managing resources. |
| repository | Package repository provides the APIs for making 'resource' related database interactions. |
| service | Package service encapsulates the business logic for managing protected resources |
| | Package resourcetype provides the service, model and repository APIs for managing resource types. |
| repository | Package repository provides the APIs for making resource_type related database interactions. |
| | Package role provides the service, model and repository APIs for managing roles. |
| repository | Package repository provides the wrappers for 'role' related database interactions. |
| service | Package service provides the code which encapsulates business logic for managing role assignments |
| | Package space provides APIs for managing spaces |
| service | Package service provides the code which encapsulates business logic for managing spaces |
| | Package team provides APIs for managing teams |
| service | Package service provides the code which encapsulates business logic for managing teams |
| | Package token provides the services, repositories and types for managing RPT tokens |
| repository | Package repository provides the APIs for making 'token' related database interactions. |
| service | Package service encapsulates the business logic for managing RPT tokens |