Version: v0.0.0-...-e8aca60 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 20, 2021 License: Apache-2.0 Imports: 11 Imported by: 2



Package acl implements ACLs for enforcement in API and UI.

Deprecated and being replaced with LUCI Realms.



View Source
const (
	// Reader role allows listing invocations and config of a job/trigger.
	Reader = Role("READER")

	// Triggerer role allows sending triggers to a job/trigger.
	// Implies read access.
	Triggerer = Role("TRIGGERER")

	// Owner role provides full control of a job/trigger.
	Owner = Role("OWNER")


This section is empty.


This section is empty.


type GrantsByRole

type GrantsByRole struct {
	Owners     []string `gae:",noindex"`
	Triggerers []string `gae:",noindex"`
	Readers    []string `gae:",noindex"`

GrantsByRole can answer questions who can READ, TRIGGER, or who OWNs the task.

func ValidateTaskACLs

func ValidateTaskACLs(ctx *validation.Context, pSets Sets, tSets []string, tAcls []*messages.Acl) *GrantsByRole

ValidateTaskACLs validates task's ACLs and returns TaskAcls.

Errors are returned via validation.Context.

func (*GrantsByRole) CallerHasRole

func (g *GrantsByRole) CallerHasRole(c context.Context, role Role) (bool, error)

CallerHasRole does what it says and returns only transient errors.

func (*GrantsByRole) Equal

func (g *GrantsByRole) Equal(o *GrantsByRole) bool

Equal returns true if both security descriptors are equivalent.

type Role

type Role string

Role allows certain actions on a Job or a Trigger.

type Sets

type Sets map[string][]*messages.Acl

Sets are parsed and indexed `AclSet` of a project.

func ValidateACLSets

func ValidateACLSets(ctx *validation.Context, sets []*messages.AclSet) Sets

ValidateACLSets validates list of AclSet of a project and returns Sets.

Errors are returned via validation.Context.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL