github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/api/authn/entity.go

github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/api/authn/entity.go (about)

     1  // Package authn provides AuthN API over HTTP(S)
     2  /*
     3   * Copyright (c) 2018-2022, NVIDIA CORPORATION. All rights reserved.
     4   */
     5  package authn
     6  
     7  import (
     8  	"time"
     9  
    10  	"github.com/NVIDIA/aistore/api/apc"
    11  	"github.com/NVIDIA/aistore/cmn"
    12  	"github.com/NVIDIA/aistore/cmn/jsp"
    13  )
    14  
    15  const (
    16  	AdminRole = "Admin"
    17  )
    18  
    19  type (
    20  	User struct {
    21  		ID          string    `json:"id"`
    22  		Password    string    `json:"pass,omitempty"`
    23  		Roles       []string  `json:"roles"`
    24  		ClusterACLs []*CluACL `json:"clusters"`
    25  		BucketACLs  []*BckACL `json:"buckets"` // list of buckets with special permissions
    26  	}
    27  	CluACL struct {
    28  		ID     string          `json:"id"`
    29  		Alias  string          `json:"alias,omitempty"`
    30  		Access apc.AccessAttrs `json:"perm,string,omitempty"`
    31  		URLs   []string        `json:"urls,omitempty"`
    32  	}
    33  	BckACL struct {
    34  		Bck    cmn.Bck         `json:"bck"`
    35  		Access apc.AccessAttrs `json:"perm,string"`
    36  	}
    37  	TokenMsg struct {
    38  		Token string `json:"token"`
    39  	}
    40  	LoginMsg struct {
    41  		Password  string         `json:"password"`
    42  		ExpiresIn *time.Duration `json:"expires_in"`
    43  		ClusterID string         `json:"cluster_id"`
    44  	}
    45  	RegisteredClusters struct {
    46  		M map[string]*CluACL `json:"clusters,omitempty"`
    47  	}
    48  	Role struct {
    49  		ID          string    `json:"name"`
    50  		Desc        string    `json:"desc"`
    51  		Roles       []string  `json:"roles"`
    52  		ClusterACLs []*CluACL `json:"clusters"`
    53  		BucketACLs  []*BckACL `json:"buckets"`
    54  		IsAdmin     bool      `json:"admin"`
    55  	}
    56  )
    57  
    58  //////////
    59  // User //
    60  //////////
    61  
    62  // IsAdmin returns true if the user is an admin or super-user,
    63  // i.e. the user has the full access to everything.
    64  func (uInfo *User) IsAdmin() bool {
    65  	for _, r := range uInfo.Roles {
    66  		if r == AdminRole {
    67  			return true
    68  		}
    69  	}
    70  	return false
    71  }
    72  
    73  ////////////
    74  // CluACL //
    75  ////////////
    76  
    77  func (clu *CluACL) String() string {
    78  	uuid := "[" + clu.ID + "]"
    79  	if clu.Alias != "" && clu.Alias != clu.ID {
    80  		return clu.Alias + uuid
    81  	}
    82  	if len(clu.URLs) > 0 {
    83  		return clu.URLs[0] + uuid
    84  	}
    85  	return uuid
    86  }
    87  
    88  //////////////
    89  // TokenMsg //
    90  //////////////
    91  
    92  var _ jsp.Opts = (*TokenMsg)(nil)
    93  
    94  func (*TokenMsg) JspOpts() jsp.Options { return authtokJspOpts }