
policy

package
v2.21.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 29, 2025 License: AGPL-3.0 Imports: 0 Imported by: 0

Documentation

Index

Constants

// WildcardSymbol is the "*" token. RBACPermissions uses it as the key of its
// wildcard entry.
const (
	WildcardSymbol = "*"
)

Variables

// RBACPermissions maps each RBAC resource type name (for example "user" or
// "workspace") to its PermissionDefinition: the actions that can be named for
// that type, each with a human-readable description.
//
// NOTE(review): this is an exported package-level map, so any importing code
// can add, replace or delete entries at runtime. Treat it as read-only data.
// The table only defines names and descriptions; where and how they are
// enforced is not visible in this listing.
var RBACPermissions = map[string]PermissionDefinition{

	// The wildcard type declares no actions of its own (empty map). Name is
	// set because the type string "*" is the key here.
	// NOTE(review): how the wildcard is matched against the other types is
	// decided outside this table; confirm in the policy evaluator.
	WildcardSymbol: {
		Name:    "Wildcard",
		Actions: map[Action]ActionDefinition{},
	},
	"user": {
		Actions: map[Action]ActionDefinition{

			ActionRead:   actDef("read user data"),
			ActionCreate: actDef("create a new user"),
			ActionUpdate: actDef("update an existing user"),
			ActionDelete: actDef("delete an existing user"),

			// The personal verbs are distinct from the general read/update
			// above, presumably so a user's own settings and auth links can
			// be granted separately. Verify against the role definitions.
			ActionReadPersonal:   actDef("read personal user data like user settings and auth links"),
			ActionUpdatePersonal: actDef("update personal data"),
		},
	},
	// workspaceActions is defined outside this listing. "workspace" and
	// "workspace_dormant" reference the same map value, so both types always
	// expose an identical action set, and a mutation made through one entry
	// is visible through the other.
	"workspace": {
		Actions: workspaceActions,
	},

	"workspace_dormant": {
		Actions: workspaceActions,
	},
	"workspace_proxy": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a workspace proxy"),
			ActionDelete: actDef("delete a workspace proxy"),
			ActionUpdate: actDef("update a workspace proxy"),
			ActionRead:   actDef("read and use a workspace proxy"),
		},
	},
	// No update action is defined for licenses.
	"license": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a license"),
			ActionRead:   actDef("read licenses"),
			ActionDelete: actDef("delete license"),
		},
	},
	// Only read and create are defined: the table offers no verb for
	// updating or deleting audit log entries.
	"audit_log": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("read audit logs"),
			ActionCreate: actDef("create new audit log entries"),
		},
	},
	// NOTE(review): the update description mentions only health information;
	// whether the update verb is limited to that is not visible here.
	"deployment_config": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("read deployment config"),
			ActionUpdate: actDef("updating health information"),
		},
	},
	"deployment_stats": {
		Actions: map[Action]ActionDefinition{
			ActionRead: actDef("read deployment stats"),
		},
	},
	"replicas": {
		Actions: map[Action]ActionDefinition{
			ActionRead: actDef("read replicas"),
		},
	},
	"template": {
		Actions: map[Action]ActionDefinition{
			ActionCreate:       actDef("create a template"),
			ActionUse:          actDef("use the template to initially create a workspace, then workspace lifecycle permissions take over"),
			ActionRead:         actDef("read template"),
			ActionUpdate:       actDef("update a template"),
			ActionDelete:       actDef("delete a template"),
			ActionViewInsights: actDef("view insights"),
		},
	},
	"group": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a group"),
			ActionRead:   actDef("read groups"),
			ActionDelete: actDef("delete a group"),
			ActionUpdate: actDef("update a group"),
		},
	},
	// Group membership is read-only in this table; no verb for changing
	// members is defined on this type.
	"group_member": {
		Actions: map[Action]ActionDefinition{
			ActionRead: actDef("read group members"),
		},
	},
	"file": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a file"),
			ActionRead:   actDef("read files"),
		},
	},
	// Per the descriptions, create and delete on this type cover provisioner
	// keys as well as daemons.
	"provisioner_daemon": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a provisioner daemon/key"),

			ActionRead:   actDef("read provisioner daemon"),
			ActionUpdate: actDef("update a provisioner daemon"),
			ActionDelete: actDef("delete a provisioner daemon/key"),
		},
	},
	"provisioner_jobs": {
		Actions: map[Action]ActionDefinition{
			ActionRead: actDef("read provisioner jobs"),
		},
	},
	"organization": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create an organization"),
			ActionRead:   actDef("read organizations"),
			ActionUpdate: actDef("update an organization"),
			ActionDelete: actDef("delete an organization"),
		},
	},
	"organization_member": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create an organization member"),
			ActionRead:   actDef("read member"),
			ActionUpdate: actDef("update an organization member"),
			ActionDelete: actDef("delete member"),
		},
	},
	// read on this type gates the debug routes, per its description.
	"debug_info": {
		Actions: map[Action]ActionDefinition{
			ActionRead: actDef("access to debug routes"),
		},
	},
	// NOTE(review): "system resources" is not defined further in this
	// listing, so the reach of these four verbs cannot be judged from here.
	// Confirm the scope before assigning them to a role.
	"system": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create system resources"),
			ActionRead:   actDef("view system resources"),
			ActionUpdate: actDef("update system resources"),
			ActionDelete: actDef("delete system resources"),
		},
	},
	"api_key": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create an api key"),
			// The description states that secrets are not stored, so read
			// covers key details only.
			ActionRead:   actDef("read api key details (secrets are not stored)"),
			ActionDelete: actDef("delete an api key"),
			ActionUpdate: actDef("update an api key, eg expires"),
		},
	},
	"tailnet_coordinator": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a Tailnet coordinator"),
			ActionRead:   actDef("view info about a Tailnet coordinator"),
			ActionUpdate: actDef("update a Tailnet coordinator"),
			ActionDelete: actDef("delete a Tailnet coordinator"),
		},
	},
	// assign/unassign on the two role types below change which roles other
	// subjects hold, so they deserve the closest review when building roles.
	"assign_role": {
		Actions: map[Action]ActionDefinition{
			ActionAssign:   actDef("assign user roles"),
			ActionUnassign: actDef("unassign user roles"),
			ActionRead:     actDef("view what roles are assignable"),
		},
	},
	"assign_org_role": {
		Actions: map[Action]ActionDefinition{
			ActionAssign:   actDef("assign org scoped roles"),
			ActionUnassign: actDef("unassign org scoped roles"),
			// NOTE(review): this description says "create/delete" although a
			// separate delete action is defined below; confirm which verb
			// actually gates deletion of custom roles.
			ActionCreate:   actDef("create/delete custom roles within an organization"),
			ActionRead:     actDef("view what roles are assignable within an organization"),
			ActionUpdate:   actDef("edit custom roles within an organization"),
			ActionDelete:   actDef("delete roles within an organization"),
		},
	},
	"oauth2_app": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("make an OAuth2 app"),
			ActionRead:   actDef("read OAuth2 apps"),
			ActionUpdate: actDef("update the properties of the OAuth2 app"),
			ActionDelete: actDef("delete an OAuth2 app"),
		},
	},
	// NOTE(review): whether read on this type returns secret material or
	// only metadata is not visible here; check before granting it broadly.
	"oauth2_app_secret": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create an OAuth2 app secret"),
			ActionRead:   actDef("read an OAuth2 app secret"),
			ActionUpdate: actDef("update an OAuth2 app secret"),
			ActionDelete: actDef("delete an OAuth2 app secret"),
		},
	},
	// No update action is defined for code tokens.
	"oauth2_app_code_token": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create an OAuth2 app code token"),
			ActionRead:   actDef("read an OAuth2 app code token"),
			ActionDelete: actDef("delete an OAuth2 app code token"),
		},
	},
	"notification_message": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create notification messages"),
			ActionRead:   actDef("read notification messages"),
			ActionUpdate: actDef("update notification messages"),
			ActionDelete: actDef("delete notification messages"),
		},
	},
	"notification_template": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("read notification templates"),
			ActionUpdate: actDef("update notification templates"),
		},
	},
	"notification_preference": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("read notification preferences"),
			ActionUpdate: actDef("update notification preferences"),
		},
	},
	"webpush_subscription": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create webpush subscriptions"),
			ActionRead:   actDef("read webpush subscriptions"),
			ActionDelete: actDef("delete webpush subscriptions"),
		},
	},
	"inbox_notification": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create inbox notifications"),
			ActionRead:   actDef("read inbox notifications"),
			ActionUpdate: actDef("update inbox notifications"),
		},
	},
	// NOTE(review): what a "crypto key" record contains, and whether read
	// exposes key material, is not visible in this listing. Confirm before
	// granting read or update outside system roles.
	"crypto_key": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("read crypto keys"),
			ActionUpdate: actDef("update crypto keys"),
			ActionDelete: actDef("delete crypto keys"),
			ActionCreate: actDef("create crypto keys"),
		},
	},

	// update here changes how identity-provider data is synced.
	// NOTE(review): presumably this influences group/role/organization
	// membership derived from the IdP; confirm before delegating update.
	"idpsync_settings": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("read IdP sync settings"),
			ActionUpdate: actDef("update IdP sync settings"),
		},
	},
	"workspace_agent_resource_monitor": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("read workspace agent resource monitor"),
			ActionCreate: actDef("create workspace agent resource monitor"),
			ActionUpdate: actDef("update workspace agent resource monitor"),
		},
	},
	// Only create is defined for this type.
	"workspace_agent_devcontainers": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create workspace agent devcontainers"),
		},
	},
}

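RBACPermissions is indexed by the resource type name (for example "user" or "workspace"); each entry lists the actions defined for that type.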

Functions

This section is empty.

Types

type Action

// Action is the verb half of an RBAC permission. It is a string type, and
// its values are used as the keys of PermissionDefinition.Actions.
type Action string

Action represents the allowed actions to be done on an object.

// Action values. The string on the right is the verb as written in policy.
const (
	// Basic create/read/update/delete verbs, used by most resource types in
	// RBACPermissions.
	ActionCreate Action = "create"
	ActionRead   Action = "read"
	ActionUpdate Action = "update"
	ActionDelete Action = "delete"

	// ActionUse and ActionViewInsights appear on the "template" type in
	// RBACPermissions. ActionSSH and ActionApplicationConnect are not
	// referenced in the visible table; presumably they belong to
	// workspaceActions, which is defined elsewhere. TODO confirm.
	ActionUse                Action = "use"
	ActionSSH                Action = "ssh"
	ActionApplicationConnect Action = "application_connect"
	ActionViewInsights       Action = "view_insights"

	// Workspace lifecycle verbs. Note the string values are plain "start"
	// and "stop", without a workspace prefix.
	ActionWorkspaceStart Action = "start"
	ActionWorkspaceStop  Action = "stop"

	// Role assignment verbs, used by "assign_role" and "assign_org_role".
	ActionAssign   Action = "assign"
	ActionUnassign Action = "unassign"

	// Personal-data verbs, used by the "user" type alongside the general
	// read/update verbs.
	ActionReadPersonal   Action = "read_personal"
	ActionUpdatePersonal Action = "update_personal"
)

type ActionDefinition

// ActionDefinition describes one action of a resource type. It carries only
// documentation text, no enforcement logic.
type ActionDefinition struct {
	// Description is a human-friendly explanation of the action.
	Description string
}

func (ActionDefinition) String added in v2.14.0

func (d ActionDefinition) String() string

type PermissionDefinition

// PermissionDefinition describes one RBAC resource type: an optional name
// override and the set of actions that can be named for the type.
type PermissionDefinition struct {
	// Name is optional. It is used to override "Type" for function naming;
	// in RBACPermissions only the wildcard entry sets it.
	Name string
	// Actions maps each action to a description of what the action should
	// represent. The key in the map is the verb to use in the rbac policy.
	// A verb absent from this map is not defined for the type.
	Actions map[Action]ActionDefinition
}
