Documentation
Constants ¶
// WildcardSymbol is the "*" literal. RBACPermissions uses it as the key of its
// "Wildcard" entry, which defines no actions of its own.
// NOTE(review): presumably "*" stands for "any" wherever a policy accepts a
// wildcard — confirm against the policy evaluator before relying on that.
const WildcardSymbol = "*"
Variables ¶
// RBACPermissions is the table of resource types known to the RBAC policy.
// Keys are resource type names; each value lists the actions defined for that
// type together with a human-readable description of each action.
//
// Within an entry the actions are written in create/read/update/delete order,
// followed by any type-specific verbs. Order inside a map literal has no
// effect on the resulting map.
var RBACPermissions = map[string]PermissionDefinition{
	// The wildcard entry carries a display name but defines no actions.
	// NOTE(review): presumably "*" is matched by the policy evaluator rather
	// than looked up in this table — confirm, and audit any role that grants it.
	WildcardSymbol: {
		Name:    "Wildcard",
		Actions: map[Action]ActionDefinition{},
	},
	"user": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a new user"),
			ActionRead:   actDef("read user data"),
			ActionUpdate: actDef("update an existing user"),
			ActionDelete: actDef("delete an existing user"),

			// Personal data (settings, auth links) has its own verbs, separate
			// from the general read/update above.
			ActionReadPersonal:   actDef("read personal user data like user settings and auth links"),
			ActionUpdatePersonal: actDef("update personal data"),
		},
	},
	// Both workspace types share one action set; workspaceActions is declared
	// outside this listing.
	"workspace": {
		Actions: workspaceActions,
	},
	"workspace_dormant": {
		Actions: workspaceActions,
	},
	"workspace_proxy": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a workspace proxy"),
			ActionRead:   actDef("read and use a workspace proxy"),
			ActionUpdate: actDef("update a workspace proxy"),
			ActionDelete: actDef("delete a workspace proxy"),
		},
	},
	// No update verb is defined for licenses.
	"license": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a license"),
			ActionRead:   actDef("read licenses"),
			ActionDelete: actDef("delete license"),
		},
	},
	// Only create and read are defined for audit logs.
	// NOTE(review): this looks append-only by design — confirm that no other
	// path can modify or remove audit entries.
	"audit_log": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create new audit log entries"),
			ActionRead:   actDef("read audit logs"),
		},
	},
	// NOTE(review): the update description mentions only health information;
	// confirm the verb does not cover wider configuration changes.
	"deployment_config": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("read deployment config"),
			ActionUpdate: actDef("updating health information"),
		},
	},
	"deployment_stats": {
		Actions: map[Action]ActionDefinition{
			ActionRead: actDef("read deployment stats"),
		},
	},
	"replicas": {
		Actions: map[Action]ActionDefinition{
			ActionRead: actDef("read replicas"),
		},
	},
	"template": {
		Actions: map[Action]ActionDefinition{
			ActionCreate:       actDef("create a template"),
			ActionRead:         actDef("read template"),
			ActionUpdate:       actDef("update a template"),
			ActionDelete:       actDef("delete a template"),
			ActionViewInsights: actDef("view insights"),
		},
	},
	"group": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a group"),
			ActionRead:   actDef("read groups"),
			ActionUpdate: actDef("update a group"),
			ActionDelete: actDef("delete a group"),
		},
	},
	"file": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a file"),
			ActionRead:   actDef("read files"),
		},
	},
	"provisioner_daemon": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create a provisioner daemon"),
			ActionRead:   actDef("read provisioner daemon"),
			ActionUpdate: actDef("update a provisioner daemon"),
			ActionDelete: actDef("delete a provisioner daemon"),
		},
	},
	"organization": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create an organization"),
			ActionRead:   actDef("read organizations"),
			ActionUpdate: actDef("update an organization"),
			ActionDelete: actDef("delete an organization"),
		},
	},
	"organization_member": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create an organization member"),
			ActionRead:   actDef("read member"),
			ActionUpdate: actDef("update an organization member"),
			ActionDelete: actDef("delete member"),
		},
	},
	"debug_info": {
		Actions: map[Action]ActionDefinition{
			ActionRead: actDef("access to debug routes"),
		},
	},
	// NOTE(review): "system resources" is not defined further in this table;
	// confirm which objects these verbs cover before granting them.
	"system": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create system resources"),
			ActionRead:   actDef("view system resources"),
			ActionUpdate: actDef("update system resources"),
			ActionDelete: actDef("delete system resources"),
		},
	},
	"api_key": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("create an api key"),
			ActionRead:   actDef("read api key details (secrets are not stored)"),
			ActionUpdate: actDef("update an api key, eg expires"),
			ActionDelete: actDef("delete an api key"),
		},
	},
	// NOTE(review): every description below is blank, so a role reviewer
	// cannot tell from this table what each verb permits.
	"tailnet_coordinator": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef(""),
			ActionRead:   actDef(""),
			ActionUpdate: actDef(""),
			ActionDelete: actDef(""),
		},
	},
	// Here "create" covers creating, deleting and editing custom roles, while
	// "delete" means unassigning a role.
	"assign_role": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("ability to create/delete/edit custom roles"),
			ActionRead:   actDef("view what roles are assignable"),
			ActionDelete: actDef("ability to unassign roles"),
			ActionAssign: actDef("ability to assign roles"),
		},
	},
	// NOTE(review): "delete" is described as deleting org scoped roles here but
	// as unassigning under "assign_role" — confirm which meaning is intended.
	"assign_org_role": {
		Actions: map[Action]ActionDefinition{
			ActionRead:   actDef("view what roles are assignable"),
			ActionDelete: actDef("ability to delete org scoped roles"),
			ActionAssign: actDef("ability to assign org scoped roles"),
		},
	},
	"oauth2_app": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef("make an OAuth2 app."),
			ActionRead:   actDef("read OAuth2 apps"),
			ActionUpdate: actDef("update the properties of the OAuth2 app."),
			ActionDelete: actDef("delete an OAuth2 app"),
		},
	},
	// NOTE(review): the two OAuth2 credential types below have blank
	// descriptions; document what read access to a secret or code/token
	// actually exposes.
	"oauth2_app_secret": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef(""),
			ActionRead:   actDef(""),
			ActionUpdate: actDef(""),
			ActionDelete: actDef(""),
		},
	},
	// No update verb is defined for code tokens.
	"oauth2_app_code_token": {
		Actions: map[Action]ActionDefinition{
			ActionCreate: actDef(""),
			ActionRead:   actDef(""),
			ActionDelete: actDef(""),
		},
	},
}
RBACPermissions is indexed by resource type name (for example "user" or "audit_log"); each entry lists the actions defined for that type.
Functions ¶
This section is empty.
Types ¶
type Action ¶
// Action is the verb of an RBAC permission: what may be done to an object.
// The values defined by this package are the Action* constants.
// NOTE(review): as a plain string type it accepts any string conversion, so
// verbs arriving from outside the program are presumably validated against
// the permission table elsewhere — confirm.
type Action string
Action represents the allowed actions to be done on an object.
// Action verbs. The string value is what the permission table is keyed by, so
// it can differ from the Go identifier: ActionWorkspaceStart is "start" and
// ActionWorkspaceStop is "stop".
const (
	// Generic lifecycle verbs.
	ActionCreate Action = "create"
	ActionRead   Action = "read"
	ActionUpdate Action = "update"
	ActionDelete Action = "delete"

	// Verbs for personal user data (see the "user" resource type).
	ActionReadPersonal   Action = "read_personal"
	ActionUpdatePersonal Action = "update_personal"

	// Role assignment and template insights.
	ActionAssign       Action = "assign"
	ActionViewInsights Action = "view_insights"

	// NOTE(review): none of the verbs below appear in the RBACPermissions
	// literal itself; presumably they belong to workspaceActions, which is
	// declared elsewhere — confirm.
	ActionUse                Action = "use"
	ActionSSH                Action = "ssh"
	ActionApplicationConnect Action = "application_connect"
	ActionWorkspaceStart     Action = "start"
	ActionWorkspaceStop      Action = "stop"
)
type ActionDefinition ¶
// ActionDefinition documents one action that a resource type supports.
type ActionDefinition struct {
	// Description is the human-readable explanation of the action.
	Description string
}
type PermissionDefinition ¶
// PermissionDefinition describes one resource type: an optional display name
// and the set of actions that can be granted on it.
type PermissionDefinition struct {
	// Name is optional. When set, it overrides "Type" for function naming.
	Name string

	// Actions maps each action to a description of what that action should
	// represent. The map key is the verb used in the rbac policy.
	Actions map[Action]ActionDefinition
}