package security
import "github.com/coreos/etcd/etcdserver/security"
Index ¶
- Constants
- type Error
- type Permissions
- func (p Permissions) Grant(n *Permissions) (Permissions, error)
- func (p Permissions) Revoke(n *Permissions) (Permissions, error)
- type Role
- func (r Role) HasKeyAccess(key string, write bool) bool
- func (r Role) HasRecursiveAccess(key string, write bool) bool
- func (r Role) Merge(n Role) (Role, error)
- type Store
- func NewStore(server doer, timeout time.Duration) *Store
- func (s *Store) AllRoles() ([]string, error)
- func (s *Store) AllUsers() ([]string, error)
- func (s *Store) CreateOrUpdateRole(r Role) (role Role, created bool, err error)
- func (s *Store) CreateOrUpdateUser(user User) (out User, created bool, err error)
- func (s *Store) CreateRole(role Role) error
- func (s *Store) CreateUser(user User) (User, error)
- func (s *Store) DeleteRole(name string) error
- func (s *Store) DeleteUser(name string) error
- func (s *Store) DisableSecurity() error
- func (s *Store) EnableSecurity() error
- func (s *Store) GetRole(name string) (Role, error)
- func (s *Store) GetUser(name string) (User, error)
- func (s *Store) SecurityEnabled() bool
- func (s *Store) UpdateRole(role Role) (Role, error)
- func (s *Store) UpdateUser(user User) (User, error)
- type User
Constants ¶
const ( // StorePermsPrefix is the internal prefix of the storage layer dedicated to storing user data. StorePermsPrefix = "/2" // RootRoleName is the name of the ROOT role, with privileges to manage the cluster. RootRoleName = "root" // GuestRoleName is the name of the role that defines the privileges of an unauthenticated user. GuestRoleName = "guest" )
Types ¶
type Error ¶
type Error struct {
// contains filtered or unexported fields
}
func (Error) Error ¶
type Permissions ¶
type Permissions struct {
KV rwPermission `json:"kv"`
}
func (Permissions) Grant ¶
func (p Permissions) Grant(n *Permissions) (Permissions, error)
Grant adds a set of permissions to the permission object on which it is called, returning a new permission object.
func (Permissions) Revoke ¶
func (p Permissions) Revoke(n *Permissions) (Permissions, error)
Revoke removes a set of permissions to the permission object on which it is called, returning a new permission object.
type Role ¶
type Role struct {
Role string `json:"role"`
Permissions Permissions `json:"permissions"`
Grant *Permissions `json:"grant,omitempty"`
Revoke *Permissions `json:"revoke,omitempty"`
}
func (Role) HasKeyAccess ¶
func (Role) HasRecursiveAccess ¶
func (Role) Merge ¶
Merge for a role works the same as User above -- atomic Role application to each of the substructures.
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
func NewStore ¶
func (*Store) AllRoles ¶
func (*Store) AllUsers ¶
func (*Store) CreateOrUpdateRole ¶
func (*Store) CreateOrUpdateUser ¶
func (*Store) CreateRole ¶
func (*Store) CreateUser ¶
func (*Store) DeleteRole ¶
func (*Store) DeleteUser ¶
func (*Store) DisableSecurity ¶
func (*Store) EnableSecurity ¶
func (*Store) GetRole ¶
func (*Store) GetUser ¶
func (*Store) SecurityEnabled ¶
func (*Store) UpdateRole ¶
func (*Store) UpdateUser ¶
type User ¶
type User struct {
User string `json:"user"`
Password string `json:"password,omitempty"`
Roles []string `json:"roles"`
Grant []string `json:"grant,omitempty"`
Revoke []string `json:"revoke,omitempty"`
}
func (User) CheckPassword ¶
func (User) Merge ¶
Merge applies the properties of the passed-in User to the User on which it is called and returns a new User with these modifications applied. Think of all Users as immutable sets of data. Merge allows you to perform the set operations (desired grants and revokes) atomically
Source Files ¶
security.go security_requests.go
- Version
- v2.1.0-alpha.0+incompatible
- Published
- Apr 23, 2015
- Platform
- js/wasm
- Imports
- 14 packages
- Last checked
- 11 hours ago –
Tools for package owners.