github.com/fanux/shipyard@v0.0.0-20161009071005-6515ce223235/auth/rules.go (about) 1 package auth 2 3 type ( 4 ACL struct { 5 RoleName string `json:"role_name,omitempty"` 6 Description string `json:"description,omitempty"` 7 Rules []*AccessRule `json:"rules,omitempty"` 8 } 9 10 AccessRule struct { 11 Path string `json:"path,omitempty"` 12 Methods []string `json:"methods,omitempty"` 13 } 14 ) 15 16 func DefaultACLs() []*ACL { 17 acls := []*ACL{} 18 adminACL := &ACL{ 19 RoleName: "admin", 20 Description: "Administrator", 21 Rules: []*AccessRule{ 22 { 23 Path: "*", 24 Methods: []string{"*"}, 25 }, 26 }, 27 } 28 acls = append(acls, adminACL) 29 30 containersACLRO := &ACL{ 31 RoleName: "containers:ro", 32 Description: "Containers Read Only", 33 Rules: []*AccessRule{ 34 { 35 Path: "/containers", 36 Methods: []string{"GET"}, 37 }, 38 }, 39 } 40 acls = append(acls, containersACLRO) 41 42 containersACLRW := &ACL{ 43 RoleName: "containers:rw", 44 Description: "Containers", 45 Rules: []*AccessRule{ 46 { 47 Path: "/containers", 48 Methods: []string{"GET", "POST", "DELETE"}, 49 }, 50 }, 51 } 52 acls = append(acls, containersACLRW) 53 54 eventsACLRO := &ACL{ 55 RoleName: "events:ro", 56 Description: "Events Read Only", 57 Rules: []*AccessRule{ 58 { 59 Path: "/api/events", 60 Methods: []string{"GET"}, 61 }, 62 }, 63 } 64 acls = append(acls, eventsACLRO) 65 66 eventsACLRW := &ACL{ 67 RoleName: "events:rw", 68 Description: "Events", 69 Rules: []*AccessRule{ 70 { 71 Path: "/api/events", 72 Methods: []string{"GET", "POST", "DELETE"}, 73 }, 74 }, 75 } 76 acls = append(acls, eventsACLRW) 77 78 imagesACLRO := &ACL{ 79 RoleName: "images:ro", 80 Description: "Images Read Only", 81 Rules: []*AccessRule{ 82 { 83 Path: "/images", 84 Methods: []string{"GET"}, 85 }, 86 }, 87 } 88 acls = append(acls, imagesACLRO) 89 90 imagesACLRW := &ACL{ 91 RoleName: "images:rw", 92 Description: "Images", 93 Rules: []*AccessRule{ 94 { 95 Path: "/images", 96 Methods: []string{"GET", "POST", "DELETE"}, 97 }, 98 }, 99 } 100 acls = append(acls, imagesACLRW) 101 102 nodesACLRO := &ACL{ 103 RoleName: "nodes:ro", 104 Description: "Nodes Read Only", 105 Rules: []*AccessRule{ 106 { 107 Path: "/api/nodes", 108 Methods: []string{"GET"}, 109 }, 110 }, 111 } 112 acls = append(acls, nodesACLRO) 113 114 nodesACLRW := &ACL{ 115 RoleName: "nodes:rw", 116 Description: "Nodes", 117 Rules: []*AccessRule{ 118 { 119 Path: "/api/nodes", 120 Methods: []string{"GET", "POST", "DELETE"}, 121 }, 122 }, 123 } 124 acls = append(acls, nodesACLRW) 125 126 registriesACLRO := &ACL{ 127 RoleName: "registries:ro", 128 Description: "Registries Read Only", 129 Rules: []*AccessRule{ 130 { 131 Path: "/api/registry", 132 Methods: []string{"GET"}, 133 }, 134 }, 135 } 136 acls = append(acls, registriesACLRO) 137 138 registriesACLRW := &ACL{ 139 RoleName: "registries:rw", 140 Description: "Registries", 141 Rules: []*AccessRule{ 142 { 143 Path: "/api/registry", 144 Methods: []string{"GET", "POST", "DELETE"}, 145 }, 146 }, 147 } 148 acls = append(acls, registriesACLRW) 149 150 return acls 151 }