aclmodels

package
v1.4.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 29, 2025 License: Apache-2.0 Imports: 5 Imported by: 1

Documentation

Overview

aclmodels contains models for acl v1 and v2

Index

Constants

View Source 
const (
	Acl2RorSubjecUnknown         = "UNKNOWN"
	Acl2RorSubjectCluster        = "cluster"
	Acl2RorSubjectProject        = "project"
	Acl2RorSubjectGlobal         = "globalscope" // for subject, not scope, TODO: new const
	Acl2RorSubjectAcl            = "acl"         // for subject, not scope, TODO: new const
	Acl2RorSubjectApiKey         = "apikey"      //api key
	Acl2RorSubjectDatacenter     = "datacenter"
	Acl2RorSubjectWorkspace      = "workspace"
	Acl2RorSubjectPrice          = "price"
	Acl2RorSubjectVirtualMachine = "virtualmachine"
)

Variables

View Source 
var (
	Acl2RorValidSubjects []Acl2Subject = []Acl2Subject{
		Acl2RorSubjectGlobal,
		Acl2RorSubjectCluster,
		Acl2RorSubjectProject,
		Acl2RorSubjectAcl,
		Acl2RorSubjectDatacenter,
		Acl2RorSubjectWorkspace,
		Acl2RorSubjectPrice,
		Acl2RorSubjectVirtualMachine,
	}
)

Functions

This section is empty.

Types

type AccessType 

type AccessType string
const (
	AccessTypeRead             AccessType = "read"
	AccessTypeCreate           AccessType = "create"
	AccessTypeUpdate           AccessType = "update"
	AccessTypeDelete           AccessType = "delete"
	AccessTypeOwner            AccessType = "owner"
	AccessTypeRorMetadata      AccessType = "rormetadata"
	AccessTypeRorVulnerability AccessType = "rorvulnerability"
	AccessTypeClusterLogon     AccessType = "clusterlogon"
)

type Acl2Scope 

type Acl2Scope string
const (
	Acl2ScopeUnknown        Acl2Scope = "UNKNOWN" // unknown
	Acl2ScopeRor            Acl2Scope = "ror"     // ROR
	Acl2ScopeCluster        Acl2Scope = "cluster"
	Acl2ScopeProject        Acl2Scope = "project"
	Acl2ScopeDatacenter     Acl2Scope = "datacenter"
	Acl2ScopeVirtualMachine Acl2Scope = "virtualmachine"
)

func GetScopes 

func GetScopes() []Acl2Scope

func (Acl2Scope) GetSubjects 

func (s Acl2Scope) GetSubjects(ctx context.Context) []Acl2Subject

TODO: implement

func (Acl2Scope) IsValid 

func (s Acl2Scope) IsValid() bool

IsValid validates the scope

type Acl2Subject 

type Acl2Subject string

func (Acl2Subject) HasValidScope 

func (s Acl2Subject) HasValidScope(scope Acl2Scope) bool

TODO: implement

type AclV1DBResult 

type AclV1DBResult struct {
	ClusterId string `bson:"clusterid"`
}

Used to verify access using the v1 acl model

type AclV1ListItem 

type AclV1ListItem struct {
	Cluster string `bson:"cluster"`
	Group   string `bson:"group"`
}

Full acl v1 model

type AclV1QueryUserCluster 

type AclV1QueryUserCluster struct {
	User      identitymodels.User
	ClusterId string
}

Used to query the v1 acl model

type AclV2ListItem 

type AclV2ListItem struct {
	Id      string              `json:"id" bson:"_id,omitempty"`                   // Id
	Version int                 `json:"version" default:"2" validate:"eq=2" `      // Acl Version, must be 2
	Group   string              `json:"group" validate:"required,min=1,rortext" `  // The group which the acces is granted
	Scope   Acl2Scope           `json:"scope" validate:"required,min=1,rortext"`   // Type of object ['cluster','project']
	Subject Acl2Subject         `json:"subject" validate:"required,min=1,rortext"` // The subject eg. clusterid, projectid (can be 'All')
	Access  AclV2ListItemAccess `json:"access" validate:"required"`                // v2 access model for ror api
	//	Accessv2   []map[AccessType]bool    `json:"accessv2" validate:""`                      // v2 access model for ror api
	Kubernetes AclV2ListItemKubernetes `json:"kubernetes" validate:""` // v2 access model for kubernetes
	Created    time.Time               `json:"created,omitempty"`
	IssuedBy   string                  `json:"issuedBy,omitempty" validate:"email"`
}

Full acl v2 model

type AclV2ListItemAccess 

type AclV2ListItemAccess struct {
	Read   bool `json:"read" validate:"boolean"`   // Read metadata of subject
	Create bool `json:"create" validate:"boolean"` // Write metadata of subject
	Update bool `json:"update" validate:"boolean"` // Update metadata of subject
	Delete bool `json:"delete" validate:"boolean"` // Delete metadata of subject
	Owner  bool `json:"owner" validate:"boolean"`  // Delete metadata of subject
}

v2 access model for ror api

type AclV2ListItemKubernetes 

type AclV2ListItemKubernetes struct {
	Logon bool `json:"logon,omitempty" validate:"boolean"` // Logon to subject if 'cluster'
}

v2 access model for kubernetes

type AclV2ListItems 

type AclV2ListItems struct {
	Scope   Acl2Scope           // Type of object ['cluster','project']
	Subject Acl2Subject         // The subject eg. clusterid, projectid (can be 'All')
	Global  AclV2ListItemAccess //If global access granted
	Items   []AclV2ListItem     // v2 access model for ror api
}

type AclV2QueryAccessScope 

type AclV2QueryAccessScope struct {
	Scope Acl2Scope
}

type AclV2QueryAccessScopeSubject 

type AclV2QueryAccessScopeSubject struct {
	Scope   Acl2Scope
	Subject Acl2Subject
}

v2 querymodel for access

func NewAclV2QueryAccessScopeSubject 

func NewAclV2QueryAccessScopeSubject(scope any, subject any) AclV2QueryAccessScopeSubject

func (AclV2QueryAccessScopeSubject) IsValid 

func (q AclV2QueryAccessScopeSubject) IsValid() bool

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.