Documentation
Overview ¶
aclmodels contains models for acl v1 and v2
Index ¶
- Variables
- type AccessType
- type Acl2Scope
- type Acl2Subject
- type AclV1DBResult
- type AclV1ListItem
- type AclV1QueryUserCluster
- type AclV2ListItem
- type AclV2ListItemAccess
- func NewAclV2ListItemAccess(read, create, update, delete, owner bool) AclV2ListItemAccess
- func NewAclV2ListItemAccessAll() AclV2ListItemAccess
- func NewAclV2ListItemAccessContributor() AclV2ListItemAccess
- func NewAclV2ListItemAccessCreateOnly() AclV2ListItemAccess
- func NewAclV2ListItemAccessEditor() AclV2ListItemAccess
- func NewAclV2ListItemAccessOperator() AclV2ListItemAccess
- func NewAclV2ListItemAccessReadOnly() AclV2ListItemAccess
- type AclV2ListItemKubernetes
- type AclV2ListItems
- type AclV2QueryAccessScope
- type AclV2QueryAccessScopeSubject
Constants ¶
This section is empty.
Variables ¶
// Acl2RorValidSubjects holds the Acl2Subject values this package names as valid.
// Acl2RorSubjecUnknown and Acl2RorSubjectApiKey are declared as Acl2Subject
// constants but are not part of this list.
// NOTE(review): confirm that leaving out Acl2RorSubjectApiKey is intentional.
//
// This is an exported, mutable package-level slice: any importing package can
// reassign it or change its elements.
// NOTE(review): if an access decision reads this variable directly, such a
// change alters the outcome; confirm callers have moved to GetAcl2RorValidSubjects.
//
// Deprecated: Use GetAcl2RorValidSubjects() instead.
var (
	Acl2RorValidSubjects []Acl2Subject = []Acl2Subject{
		Acl2RorSubjectGlobal,
		Acl2RorSubjectCluster,
		Acl2RorSubjectProject,
		Acl2RorSubjectAcl,
		Acl2RorSubjectDatacenter,
		Acl2RorSubjectWorkspace,
		Acl2RorSubjectPrice,
		Acl2RorSubjectVirtualMachine,
		Acl2RorSubjectBackup,
	}
)
Deprecated: Use the function GetAcl2RorValidSubjects() as a drop-in replacement instead. This variable can be overwritten by accident.
Functions ¶
This section is empty.
Types ¶
type AccessType ¶
// AccessType names a kind of access as a string.
type AccessType string

// The first five values match the JSON field names of AclV2ListItemAccess
// (read, create, update, delete, owner). The remaining three have no
// matching field in that struct.
// NOTE(review): "clusterlogon" presumably relates to AclV2ListItemKubernetes.Logon;
// where "rormetadata" and "rorvulnerability" are checked is not shown here.
const (
	AccessTypeRead             AccessType = "read"
	AccessTypeCreate           AccessType = "create"
	AccessTypeUpdate           AccessType = "update"
	AccessTypeDelete           AccessType = "delete"
	AccessTypeOwner            AccessType = "owner"
	AccessTypeRorMetadata      AccessType = "rormetadata"
	AccessTypeRorVulnerability AccessType = "rorvulnerability"
	AccessTypeClusterLogon     AccessType = "clusterlogon"
)
type Acl2Scope ¶
// Acl2Scope is the type of object an ACL v2 entry applies to.
type Acl2Scope string

// Scope values. Comparison of these string constants is case-sensitive, and
// "UNKNOWN" is the only upper-case value. Several values (cluster, project,
// datacenter, virtualmachine, backup) are spelled the same as Acl2Subject
// constants; the distinct Go types are what keep scope and subject apart.
const (
	Acl2ScopeUnknown        Acl2Scope = "UNKNOWN" // unknown
	Acl2ScopeRor            Acl2Scope = "ror"     // ROR
	Acl2ScopeCluster        Acl2Scope = "cluster"
	Acl2ScopeProject        Acl2Scope = "project"
	Acl2ScopeDatacenter     Acl2Scope = "datacenter"
	Acl2ScopeVirtualMachine Acl2Scope = "virtualmachine"
	Acl2ScopeBackup         Acl2Scope = "backup"
)
func (Acl2Scope) GetSubjects ¶
func (s Acl2Scope) GetSubjects(ctx context.Context) []Acl2Subject
TODO: implement
type Acl2Subject ¶
// Acl2Subject identifies what an ACL v2 entry is about within a scope.
type Acl2Subject string

// Subject values.
// NOTE(review): Acl2RorSubjecUnknown is missing the "t" of "Subject" in its
// name; it is exported, so renaming it would break importers.
// Acl2RorSubjecUnknown and Acl2RorSubjectApiKey are not listed in
// Acl2RorValidSubjects.
const (
	Acl2RorSubjecUnknown         Acl2Subject = "UNKNOWN"
	Acl2RorSubjectCluster        Acl2Subject = "cluster"
	Acl2RorSubjectProject        Acl2Subject = "project"
	Acl2RorSubjectGlobal         Acl2Subject = "globalscope" // for subject, not scope, TODO: new const
	Acl2RorSubjectAcl            Acl2Subject = "acl"         // for subject, not scope, TODO: new const
	Acl2RorSubjectApiKey         Acl2Subject = "apikey"      // API key
	Acl2RorSubjectDatacenter     Acl2Subject = "datacenter"
	Acl2RorSubjectWorkspace      Acl2Subject = "workspace"
	Acl2RorSubjectPrice          Acl2Subject = "price"
	Acl2RorSubjectVirtualMachine Acl2Subject = "virtualmachine"
	Acl2RorSubjectBackup         Acl2Subject = "backup"
)
func GetAcl2RorValidSubjects ¶ added in v1.11.0
func GetAcl2RorValidSubjects() []Acl2Subject
GetAcl2RorValidSubjects returns all possible Acl2Subject values.
func (Acl2Subject) HasValidScope ¶
func (s Acl2Subject) HasValidScope(scope Acl2Scope) bool
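TODO: implement. The documentation marks this check as unimplemented; verify its behavior in the source before relying on it to reject invalid scope/subject pairs.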
type AclV1DBResult ¶
// AclV1DBResult is the database result used to verify access with the v1 ACL
// model. Only the cluster id is decoded.
type AclV1DBResult struct {
	// ClusterId is read from the BSON field "clusterid".
	ClusterId string `bson:"clusterid"`
}
Used to verify access using the v1 acl model
type AclV1ListItem ¶
Full acl v1 model
type AclV1QueryUserCluster ¶
// AclV1QueryUserCluster is the input for a v1 ACL query: a user and a cluster id.
// NOTE(review): neither field carries validation tags; presumably the caller
// supplies an already authenticated User — confirm at the call sites.
type AclV1QueryUserCluster struct {
	// User is the identity the query is made for.
	User identitymodels.User
	// ClusterId is the cluster the query is about.
	ClusterId string
}
Used to query the v1 acl model
type AclV2ListItem ¶
// AclV2ListItem is the full ACL v2 entry: the access granted to Group on
// Subject within Scope.
//
// The validate tags are declarative; they only take effect where a validator
// is run over the value.
// NOTE(review): confirm every path that stores or evaluates an item validates it first.
// NOTE(review): "rortext" is not defined on this page; presumably a
// project-specific text rule — confirm which characters it permits.
type AclV2ListItem struct {
	// Id is the entry id; stored as BSON "_id" and omitted there when empty.
	Id string `json:"id" bson:"_id,omitempty"`
	// Version is the ACL version; the validate tag requires it to equal 2.
	Version int `json:"version" default:"2" validate:"eq=2" `
	// Group is the group to which the access is granted.
	Group string `json:"group" validate:"required,min=1,rortext" `
	// Scope is the type of object, an Acl2Scope value (e.g. 'cluster', 'project').
	Scope Acl2Scope `json:"scope" validate:"required,min=1,rortext"`
	// Subject is the subject, e.g. clusterid, projectid (can be 'All').
	Subject Acl2Subject `json:"subject" validate:"required,min=1,rortext"`
	// Access is the v2 access model for the ror api.
	Access AclV2ListItemAccess `json:"access" validate:"required"`
	// Kubernetes is the v2 access model for kubernetes; its validate tag is empty.
	Kubernetes AclV2ListItemKubernetes `json:"kubernetes" validate:""`
	// Created has no validate tag.
	// NOTE(review): if items are decoded from request bodies, Created and
	// IssuedBy are caller-supplied unless overwritten server-side — confirm.
	Created time.Time `json:"created"`
	// IssuedBy is expected to be an email address; omitted from JSON when empty.
	IssuedBy string `json:"issuedBy,omitempty" validate:"email"`
}
Full acl v2 model
func NewAclV2ListItem ¶ added in v1.11.0
func NewAclV2ListItem(group string, scope Acl2Scope, subject Acl2Subject, access AclV2ListItemAccess, kubernetesLogon bool, issuedBy string, ) *AclV2ListItem
type AclV2ListItemAccess ¶
// AclV2ListItemAccess is the v2 access model for the ror api: one boolean per
// access kind. In the zero value every flag is false.
type AclV2ListItemAccess struct {
	// Read: read metadata of subject.
	Read bool `json:"read" validate:"boolean"`
	// Create: write metadata of subject.
	Create bool `json:"create" validate:"boolean"`
	// Update: update metadata of subject.
	Update bool `json:"update" validate:"boolean"`
	// Delete: delete metadata of subject.
	Delete bool `json:"delete" validate:"boolean"`
	// Owner: owner access to subject.
	// NOTE(review): the previous comment repeated the Delete text; what Owner
	// permits beyond the other flags is not shown here — confirm and document.
	Owner bool `json:"owner" validate:"boolean"`
}
v2 access model for ror api
func NewAclV2ListItemAccess ¶ added in v1.11.0
func NewAclV2ListItemAccess(read, create, update, delete, owner bool) AclV2ListItemAccess
NewAclV2ListItemAccess construct a new AclV2ListItemAccess object.
func NewAclV2ListItemAccessAll ¶ added in v1.11.0
func NewAclV2ListItemAccessAll() AclV2ListItemAccess
NewAclV2ListItemAccessAll gives you Read, Create, Update, Delete, and Owner access.
func NewAclV2ListItemAccessContributor ¶ added in v1.11.0
func NewAclV2ListItemAccessContributor() AclV2ListItemAccess
NewAclV2ListItemAccessContributor gives you Read, Create, and Update access.
func NewAclV2ListItemAccessCreateOnly ¶ added in v1.11.0
func NewAclV2ListItemAccessCreateOnly() AclV2ListItemAccess
NewAclV2ListItemAccessCreateOnly gives you Read and Create access.
func NewAclV2ListItemAccessEditor ¶ added in v1.11.0
func NewAclV2ListItemAccessEditor() AclV2ListItemAccess
NewAclV2ListItemAccessEditor gives you Read and Update access.
func NewAclV2ListItemAccessOperator ¶ added in v1.11.0
func NewAclV2ListItemAccessOperator() AclV2ListItemAccess
NewAclV2ListItemAccessOperator gives you Read, Create, Update, and Delete access.
func NewAclV2ListItemAccessReadOnly ¶ added in v1.11.0
func NewAclV2ListItemAccessReadOnly() AclV2ListItemAccess
NewAclV2ListItemAccessReadOnly gives you Read access.
type AclV2ListItemKubernetes ¶
// AclV2ListItemKubernetes is the v2 access model for kubernetes.
type AclV2ListItemKubernetes struct {
	// Logon allows logon to the subject if it is a 'cluster'. Because of
	// omitempty, a false value is left out of the JSON encoding.
	Logon bool `json:"logon,omitempty" validate:"boolean"`
}
v2 access model for kubernetes
type AclV2ListItems ¶
// AclV2ListItems groups ACL v2 entries for one scope and subject together with
// the global access. It has no JSON, BSON or validate tags.
type AclV2ListItems struct {
	// Scope is the type of object, an Acl2Scope value (e.g. 'cluster', 'project').
	Scope Acl2Scope
	// Subject is the subject, e.g. clusterid, projectid (can be 'All').
	Subject Acl2Subject
	// Global is the access granted globally, if any.
	// NOTE(review): how Global combines with the per-item Access is not shown here — confirm.
	Global AclV2ListItemAccess
	// Items are the ACL v2 entries.
	Items []AclV2ListItem
}
type AclV2QueryAccessScope ¶
// AclV2QueryAccessScope is an access query that names only a scope.
type AclV2QueryAccessScope struct {
	// Scope is the scope being queried.
	Scope Acl2Scope
}
type AclV2QueryAccessScopeSubject ¶
// AclV2QueryAccessScopeSubject is the v2 query model for access: a scope and a
// subject.
// NOTE(review): NewAclV2QueryAccessScopeSubject takes `any` for both arguments,
// so their types are not checked at compile time. Call IsValid before using a
// query in an access decision; what IsValid checks is not shown here.
type AclV2QueryAccessScopeSubject struct {
	// Scope is the scope being queried.
	Scope Acl2Scope
	// Subject is the subject being queried within Scope.
	Subject Acl2Subject
}
v2 querymodel for access
func NewAclV2QueryAccessScopeSubject ¶
func NewAclV2QueryAccessScopeSubject(scope any, subject any) AclV2QueryAccessScopeSubject
func (AclV2QueryAccessScopeSubject) IsValid ¶
func (q AclV2QueryAccessScopeSubject) IsValid() bool