rbac

package
v0.51.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 7, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

// Built-in role IDs.
//
// These are untyped string constants, so the compiler does not distinguish a
// role ID from a verb or a resource type. RoleAdmin has the same string value
// ("admin") as VerbAdmin, although one names a role and the other a verb.
const (
	RoleAdmin              = "admin"
	RoleSubscriber         = "subscriber"
	RoleSubscriberReadonly = "subscriber_readonly"
	RoleOwner              = "owner"
	RoleEditor             = "editor"
	RoleViewer             = "viewer"
)

Built-in role IDs.

// Resource type constants.
//
// NOTE(review): RbacRule.ResourceType and the resourceType parameter of
// CheckAccess are plain strings; presumably these constants are the values
// expected there — confirm how an unrecognised or differently-cased resource
// type string is treated (it should not match any rule).
const (
	ResourceTypeSharedObject   = "SharedObject"
	ResourceTypeBlockStore     = "BlockStore"
	ResourceTypeOrganization   = "Organization"
	ResourceTypeBillingAccount = "BillingAccount"
	ResourceTypeSession        = "Session"
	ResourceTypePlatform       = "Platform"
)

Resource type constants.

// SharedObject verbs.
//
// VerbRead, VerbWriteOps, VerbValidate and VerbManageConfig are the verbs
// listed in SOParticipantRoleRequiredVerbs; VerbTransfer does not appear in
// that map for any participant role.
const (
	VerbRead         = "read"
	VerbWriteOps     = "write_ops"
	VerbValidate     = "validate"
	VerbManageConfig = "manage_config"
	VerbTransfer     = "transfer"
)

SharedObject verbs.

// BlockStore verbs.
//
// NOTE(review): verb strings carry no resource-type prefix, so a verb
// presumably only has meaning together with the ResourceType of the rule that
// lists it — confirm against CheckAccess.
const (
	VerbPush   = "push"
	VerbPull   = "pull"
	VerbManage = "manage"
)

BlockStore verbs.

// Organization verbs.
//
// Membership, billing and space management are separate verbs, so a role can
// be granted any one of them without the others.
const (
	VerbView          = "view"
	VerbManageMembers = "manage_members"
	VerbManageBilling = "manage_billing"
	VerbManageSpaces  = "manage_spaces"
)

Organization verbs.

// BillingAccount verbs.
//
// These are distinct strings from the Organization verb VerbManageBilling.
const (
	VerbManageSubscription = "manage_subscription"
	VerbManagePayment      = "manage_payment"
)

BillingAccount verbs.

// Session verbs.
//
// Creating and revoking a session are separate verbs and can be granted
// independently of each other.
const (
	VerbCreate = "create"
	VerbRevoke = "revoke"
)

Session verbs.

// VerbAdmin is the Platform verb.
//
// It has the same string value ("admin") as the role ID RoleAdmin. Both are
// untyped string constants, so passing one where the other is expected
// compiles without complaint.
const VerbAdmin = "admin"

Platform verbs.

// VerbWildcard grants all verbs for a resource type.
//
// NOTE(review): a rule listing "*" presumably also covers verbs that are
// added to that resource type later, so roles using it widen silently as the
// verb set grows — confirm the matching semantics in CheckAccess and prefer
// explicit verb lists for anything other than full-control roles.
const VerbWildcard = "*"

VerbWildcard grants all verbs for a resource type.

Variables

// Enum value maps for RbacScope.
//
// Both maps are exported package-level variables, so any importing package
// can add, change or delete entries at runtime; treat them as read-only.
// Value 0 is RBAC_SCOPE_UNKNOWN, which is also the Go zero value of an unset
// RbacScope field.
var (
	// RbacScope_name maps the numeric enum value to its name.
	RbacScope_name = map[int32]string{
		0: "RBAC_SCOPE_UNKNOWN",
		1: "RBAC_SCOPE_PLATFORM",
		2: "RBAC_SCOPE_ORGANIZATION",
		3: "RBAC_SCOPE_RESOURCE",
	}
	// RbacScope_value maps the enum name to its numeric value.
	RbacScope_value = map[string]int32{
		"RBAC_SCOPE_UNKNOWN":      0,
		"RBAC_SCOPE_PLATFORM":     1,
		"RBAC_SCOPE_ORGANIZATION": 2,
		"RBAC_SCOPE_RESOURCE":     3,
	}
)

Enum value maps for RbacScope.

// SOParticipantRoleRequiredVerbs maps SOParticipantRole enum values to the
// RBAC verbs required for the verb containment check.
//
// Keys are raw int32 enum values; the SOParticipantRole enum itself is not
// declared in this package's documentation. Each higher key lists a superset
// of the verbs of the key below it.
//
// A key that is not present (including 0) yields a nil slice on lookup.
// NOTE(review): a containment check over an empty required-verbs list is
// vacuously satisfied, so callers should test for key presence and deny on a
// missing key — confirm the caller does this.
//
// The map is an exported package-level variable and can be mutated by any
// importing package; treat it as read-only.
var SOParticipantRoleRequiredVerbs = map[int32][]string{
	4: {VerbRead, VerbWriteOps, VerbValidate, VerbManageConfig},
	3: {VerbRead, VerbWriteOps, VerbValidate},
	2: {VerbRead, VerbWriteOps},
	1: {VerbRead},
}

SOParticipantRoleRequiredVerbs maps SOParticipantRole enum values to the RBAC verbs required for the verb containment check.

// SOParticipantRoleToRbacRole maps SOParticipantRole enum values to RBAC role
// IDs for syncRoleBindings.
//
// Keys 3 and 2 both map to RoleEditor, whereas SOParticipantRoleRequiredVerbs
// distinguishes them (key 3 additionally requires VerbValidate). The two maps
// therefore do not describe the same privilege levels one-to-one.
//
// A key that is not present (including 0) yields the empty string on lookup.
// NOTE(review): confirm syncRoleBindings checks for presence and never
// creates a binding with an empty role ID.
//
// The map is an exported package-level variable and can be mutated by any
// importing package; treat it as read-only.
var SOParticipantRoleToRbacRole = map[int32]string{
	4: RoleOwner,
	3: RoleEditor,
	2: RoleEditor,
	1: RoleViewer,
}

SOParticipantRoleToRbacRole maps SOParticipantRole enum values to RBAC role IDs for syncRoleBindings.

Functions

This section is empty.

Types

type CheckAccessResult

// CheckAccessResult is the result of an access check.
//
// The zero value has Allowed == false, so an uninitialised result denies.
type CheckAccessResult struct {
	// Allowed indicates whether access is granted.
	Allowed bool
	// MatchedBinding is the binding that granted access.
	// NOTE(review): presumably nil when Allowed is false — confirm, and
	// nil-check before dereferencing (e.g. when writing an audit record).
	MatchedBinding *RbacRoleBinding
}

CheckAccessResult is the result of an access check.

func CheckAccess

func CheckAccess(
	roles []*RbacRole,
	bindings []*RbacRoleBinding,
	resourceType string,
	verb string,
) CheckAccessResult

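CheckAccess evaluates whether the subject has the given verb on resourceType, based on the provided bindings and roles. The signature takes no subject or scope argument, so the caller is presumably expected to pass only the bindings that apply to the subject and scope being checked.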

type RbacConfig

// RbacConfig contains a set of roles and bindings.
//
// Bindings refer to roles by the RoleId string rather than by pointer.
// NOTE(review): nothing in this type shows that duplicate role IDs or
// bindings naming a non-existent role are rejected — validate a config after
// unmarshalling it if it can come from an untrusted source.
type RbacConfig struct {

	// roles is the list of roles.
	Roles []*RbacRole `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
	// bindings is the list of role bindings.
	Bindings []*RbacRoleBinding `protobuf:"bytes,2,rep,name=bindings,proto3" json:"bindings,omitempty"`
	// contains filtered or unexported fields
}

RbacConfig contains a set of roles and bindings.

func (*RbacConfig) CloneMessageVT

func (m *RbacConfig) CloneMessageVT() protobuf_go_lite.CloneMessage

func (*RbacConfig) CloneVT

func (m *RbacConfig) CloneVT() *RbacConfig

func (*RbacConfig) EqualMessageVT

func (this *RbacConfig) EqualMessageVT(thatMsg any) bool

func (*RbacConfig) EqualVT

func (this *RbacConfig) EqualVT(that *RbacConfig) bool

func (*RbacConfig) GetBindings

func (x *RbacConfig) GetBindings() []*RbacRoleBinding

func (*RbacConfig) GetRoles

func (x *RbacConfig) GetRoles() []*RbacRole

func (*RbacConfig) MarshalJSON

func (x *RbacConfig) MarshalJSON() ([]byte, error)

MarshalJSON marshals the RbacConfig to JSON.

func (*RbacConfig) MarshalProtoJSON

func (x *RbacConfig) MarshalProtoJSON(s *json.MarshalState)

MarshalProtoJSON marshals the RbacConfig message to JSON.

func (*RbacConfig) MarshalProtoText

func (x *RbacConfig) MarshalProtoText() string

func (*RbacConfig) MarshalToSizedBufferVT

func (m *RbacConfig) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*RbacConfig) MarshalToVT

func (m *RbacConfig) MarshalToVT(dAtA []byte) (int, error)

func (*RbacConfig) MarshalVT

func (m *RbacConfig) MarshalVT() (dAtA []byte, err error)

func (*RbacConfig) ProtoMessage

func (*RbacConfig) ProtoMessage()

func (*RbacConfig) Reset

func (x *RbacConfig) Reset()

func (*RbacConfig) SizeVT

func (m *RbacConfig) SizeVT() (n int)

func (*RbacConfig) String

func (x *RbacConfig) String() string

func (*RbacConfig) UnmarshalJSON

func (x *RbacConfig) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals the RbacConfig from JSON.

func (*RbacConfig) UnmarshalProtoJSON

func (x *RbacConfig) UnmarshalProtoJSON(s *json.UnmarshalState)

UnmarshalProtoJSON unmarshals the RbacConfig message from JSON.

func (*RbacConfig) UnmarshalVT

func (m *RbacConfig) UnmarshalVT(dAtA []byte) error

type RbacRole

// RbacRole defines a named collection of permission rules.
type RbacRole struct {

	// id is the unique identifier for this role.
	// NOTE(review): uniqueness is stated here but not enforced by the type;
	// confirm that a custom role cannot reuse a built-in ID such as RoleAdmin.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// display_name is the human-readable name.
	DisplayName string `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"displayName,omitempty"`
	// rules is the list of permission rules in this role.
	Rules []*RbacRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
	// builtin indicates this role is system-defined.
	// It is an ordinary serialized field (protobuf field 4, JSON "builtin"),
	// so a decoded message can carry builtin=true.
	// NOTE(review): confirm the flag is not trusted when the role comes from
	// external input; compare against BuiltinRoles() instead.
	Builtin bool `protobuf:"varint,4,opt,name=builtin,proto3" json:"builtin,omitempty"`
	// contains filtered or unexported fields
}

RbacRole defines a named collection of permission rules.

func BuiltinRoles

func BuiltinRoles() []*RbacRole

BuiltinRoles returns all built-in role definitions.

func (*RbacRole) CloneMessageVT

func (m *RbacRole) CloneMessageVT() protobuf_go_lite.CloneMessage

func (*RbacRole) CloneVT

func (m *RbacRole) CloneVT() *RbacRole

func (*RbacRole) EqualMessageVT

func (this *RbacRole) EqualMessageVT(thatMsg any) bool

func (*RbacRole) EqualVT

func (this *RbacRole) EqualVT(that *RbacRole) bool

func (*RbacRole) GetBuiltin

func (x *RbacRole) GetBuiltin() bool

func (*RbacRole) GetDisplayName

func (x *RbacRole) GetDisplayName() string

func (*RbacRole) GetId

func (x *RbacRole) GetId() string

func (*RbacRole) GetRules

func (x *RbacRole) GetRules() []*RbacRule

func (*RbacRole) MarshalJSON

func (x *RbacRole) MarshalJSON() ([]byte, error)

MarshalJSON marshals the RbacRole to JSON.

func (*RbacRole) MarshalProtoJSON

func (x *RbacRole) MarshalProtoJSON(s *json.MarshalState)

MarshalProtoJSON marshals the RbacRole message to JSON.

func (*RbacRole) MarshalProtoText

func (x *RbacRole) MarshalProtoText() string

func (*RbacRole) MarshalToSizedBufferVT

func (m *RbacRole) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*RbacRole) MarshalToVT

func (m *RbacRole) MarshalToVT(dAtA []byte) (int, error)

func (*RbacRole) MarshalVT

func (m *RbacRole) MarshalVT() (dAtA []byte, err error)

func (*RbacRole) ProtoMessage

func (*RbacRole) ProtoMessage()

func (*RbacRole) Reset

func (x *RbacRole) Reset()

func (*RbacRole) SizeVT

func (m *RbacRole) SizeVT() (n int)

func (*RbacRole) String

func (x *RbacRole) String() string

func (*RbacRole) UnmarshalJSON

func (x *RbacRole) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals the RbacRole from JSON.

func (*RbacRole) UnmarshalProtoJSON

func (x *RbacRole) UnmarshalProtoJSON(s *json.UnmarshalState)

UnmarshalProtoJSON unmarshals the RbacRole message from JSON.

func (*RbacRole) UnmarshalVT

func (m *RbacRole) UnmarshalVT(dAtA []byte) error

type RbacRoleBinding

// RbacRoleBinding binds a role to a subject within a scope.
//
// The exported fields include a creation timestamp but no expiry, so a
// binding stays in effect until it is removed.
type RbacRoleBinding struct {

	// id is the unique identifier for this binding.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// role_id is the role being bound.
	RoleId string `protobuf:"bytes,2,opt,name=role_id,json=roleId,proto3" json:"roleId,omitempty"`
	// subject_id is the account receiving the role.
	SubjectId string `protobuf:"bytes,3,opt,name=subject_id,json=subjectId,proto3" json:"subjectId,omitempty"`
	// scope is the scope level of this binding.
	// An unset field decodes to 0, which is RbacScope_RBAC_SCOPE_UNKNOWN.
	// NOTE(review): confirm bindings with an unknown scope never grant access.
	Scope RbacScope `protobuf:"varint,4,opt,name=scope,proto3" json:"scope,omitempty"`
	// scope_id is the target ID for org/resource scope (empty for platform).
	// NOTE(review): an empty scope_id is only expected for platform scope;
	// confirm an org- or resource-scoped binding with an empty scope_id is
	// rejected rather than treated as matching everything.
	ScopeId string `protobuf:"bytes,5,opt,name=scope_id,json=scopeId,proto3" json:"scopeId,omitempty"`
	// created_at is the creation timestamp in milliseconds.
	CreatedAt int64 `protobuf:"varint,6,opt,name=created_at,json=createdAt,proto3" json:"createdAt,omitempty"`
	// contains filtered or unexported fields
}

RbacRoleBinding binds a role to a subject within a scope.

func (*RbacRoleBinding) CloneMessageVT

func (m *RbacRoleBinding) CloneMessageVT() protobuf_go_lite.CloneMessage

func (*RbacRoleBinding) CloneVT

func (m *RbacRoleBinding) CloneVT() *RbacRoleBinding

func (*RbacRoleBinding) EqualMessageVT

func (this *RbacRoleBinding) EqualMessageVT(thatMsg any) bool

func (*RbacRoleBinding) EqualVT

func (this *RbacRoleBinding) EqualVT(that *RbacRoleBinding) bool

func (*RbacRoleBinding) GetCreatedAt

func (x *RbacRoleBinding) GetCreatedAt() int64

func (*RbacRoleBinding) GetId

func (x *RbacRoleBinding) GetId() string

func (*RbacRoleBinding) GetRoleId

func (x *RbacRoleBinding) GetRoleId() string

func (*RbacRoleBinding) GetScope

func (x *RbacRoleBinding) GetScope() RbacScope

func (*RbacRoleBinding) GetScopeId

func (x *RbacRoleBinding) GetScopeId() string

func (*RbacRoleBinding) GetSubjectId

func (x *RbacRoleBinding) GetSubjectId() string

func (*RbacRoleBinding) MarshalJSON

func (x *RbacRoleBinding) MarshalJSON() ([]byte, error)

MarshalJSON marshals the RbacRoleBinding to JSON.

func (*RbacRoleBinding) MarshalProtoJSON

func (x *RbacRoleBinding) MarshalProtoJSON(s *json.MarshalState)

MarshalProtoJSON marshals the RbacRoleBinding message to JSON.

func (*RbacRoleBinding) MarshalProtoText

func (x *RbacRoleBinding) MarshalProtoText() string

func (*RbacRoleBinding) MarshalToSizedBufferVT

func (m *RbacRoleBinding) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*RbacRoleBinding) MarshalToVT

func (m *RbacRoleBinding) MarshalToVT(dAtA []byte) (int, error)

func (*RbacRoleBinding) MarshalVT

func (m *RbacRoleBinding) MarshalVT() (dAtA []byte, err error)

func (*RbacRoleBinding) ProtoMessage

func (*RbacRoleBinding) ProtoMessage()

func (*RbacRoleBinding) Reset

func (x *RbacRoleBinding) Reset()

func (*RbacRoleBinding) SizeVT

func (m *RbacRoleBinding) SizeVT() (n int)

func (*RbacRoleBinding) String

func (x *RbacRoleBinding) String() string

func (*RbacRoleBinding) UnmarshalJSON

func (x *RbacRoleBinding) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals the RbacRoleBinding from JSON.

func (*RbacRoleBinding) UnmarshalProtoJSON

func (x *RbacRoleBinding) UnmarshalProtoJSON(s *json.UnmarshalState)

UnmarshalProtoJSON unmarshals the RbacRoleBinding message from JSON.

func (*RbacRoleBinding) UnmarshalVT

func (m *RbacRoleBinding) UnmarshalVT(dAtA []byte) error

type RbacRule

// RbacRule defines a permission rule granting verbs on a resource type.
//
// Rules only grant; the type has no field for expressing a deny.
type RbacRule struct {

	// resource_type is the type of resource this rule applies to.
	ResourceType string `protobuf:"bytes,1,opt,name=resource_type,json=resourceType,proto3" json:"resourceType,omitempty"`
	// verbs is the list of allowed verbs (or "*" for all).
	// "*" is the value of VerbWildcard.
	// NOTE(review): confirm that an empty verbs list grants nothing.
	Verbs []string `protobuf:"bytes,2,rep,name=verbs,proto3" json:"verbs,omitempty"`
	// contains filtered or unexported fields
}

RbacRule defines a permission rule granting verbs on a resource type.

func (*RbacRule) CloneMessageVT

func (m *RbacRule) CloneMessageVT() protobuf_go_lite.CloneMessage

func (*RbacRule) CloneVT

func (m *RbacRule) CloneVT() *RbacRule

func (*RbacRule) EqualMessageVT

func (this *RbacRule) EqualMessageVT(thatMsg any) bool

func (*RbacRule) EqualVT

func (this *RbacRule) EqualVT(that *RbacRule) bool

func (*RbacRule) GetResourceType

func (x *RbacRule) GetResourceType() string

func (*RbacRule) GetVerbs

func (x *RbacRule) GetVerbs() []string

func (*RbacRule) MarshalJSON

func (x *RbacRule) MarshalJSON() ([]byte, error)

MarshalJSON marshals the RbacRule to JSON.

func (*RbacRule) MarshalProtoJSON

func (x *RbacRule) MarshalProtoJSON(s *json.MarshalState)

MarshalProtoJSON marshals the RbacRule message to JSON.

func (*RbacRule) MarshalProtoText

func (x *RbacRule) MarshalProtoText() string

func (*RbacRule) MarshalToSizedBufferVT

func (m *RbacRule) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*RbacRule) MarshalToVT

func (m *RbacRule) MarshalToVT(dAtA []byte) (int, error)

func (*RbacRule) MarshalVT

func (m *RbacRule) MarshalVT() (dAtA []byte, err error)

func (*RbacRule) ProtoMessage

func (*RbacRule) ProtoMessage()

func (*RbacRule) Reset

func (x *RbacRule) Reset()

func (*RbacRule) SizeVT

func (m *RbacRule) SizeVT() (n int)

func (*RbacRule) String

func (x *RbacRule) String() string

func (*RbacRule) UnmarshalJSON

func (x *RbacRule) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals the RbacRule from JSON.

func (*RbacRule) UnmarshalProtoJSON

func (x *RbacRule) UnmarshalProtoJSON(s *json.UnmarshalState)

UnmarshalProtoJSON unmarshals the RbacRule message from JSON.

func (*RbacRule) UnmarshalVT

func (m *RbacRule) UnmarshalVT(dAtA []byte) error

type RbacScope

// RbacScope defines the scope level for role bindings.
//
// The underlying type is int32, so the zero value is 0
// (RbacScope_RBAC_SCOPE_UNKNOWN) and values outside the declared constants
// are representable.
type RbacScope int32

RbacScope defines the scope level for role bindings.

// Declared RbacScope values. The numbers match the keys of RbacScope_name.
const (
	// Zero value; what an unset Scope field decodes to.
	RbacScope_RBAC_SCOPE_UNKNOWN      RbacScope = 0
	RbacScope_RBAC_SCOPE_PLATFORM     RbacScope = 1
	RbacScope_RBAC_SCOPE_ORGANIZATION RbacScope = 2
	RbacScope_RBAC_SCOPE_RESOURCE     RbacScope = 3
)

func (RbacScope) Enum

func (x RbacScope) Enum() *RbacScope

func (RbacScope) MarshalJSON

func (x RbacScope) MarshalJSON() ([]byte, error)

MarshalJSON marshals the RbacScope to JSON.

func (RbacScope) MarshalProtoJSON

func (x RbacScope) MarshalProtoJSON(s *json.MarshalState)

MarshalProtoJSON marshals the RbacScope to JSON.

func (RbacScope) MarshalProtoText

func (x RbacScope) MarshalProtoText() string

func (RbacScope) MarshalText

func (x RbacScope) MarshalText() ([]byte, error)

MarshalText marshals the RbacScope to text.

func (RbacScope) String

func (x RbacScope) String() string

func (*RbacScope) UnmarshalJSON

func (x *RbacScope) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals the RbacScope from JSON.

func (*RbacScope) UnmarshalProtoJSON

func (x *RbacScope) UnmarshalProtoJSON(s *json.UnmarshalState)

UnmarshalProtoJSON unmarshals the RbacScope from JSON.

func (*RbacScope) UnmarshalText

func (x *RbacScope) UnmarshalText(b []byte) error

UnmarshalText unmarshals the RbacScope from text.
