github.com/fanux/shipyard@v0.0.0-20161009071005-6515ce223235/auth/rules.go (about)

     1  package auth
     2  
     3  type (
     4  	ACL struct {
     5  		RoleName    string        `json:"role_name,omitempty"`
     6  		Description string        `json:"description,omitempty"`
     7  		Rules       []*AccessRule `json:"rules,omitempty"`
     8  	}
     9  
    10  	AccessRule struct {
    11  		Path    string   `json:"path,omitempty"`
    12  		Methods []string `json:"methods,omitempty"`
    13  	}
    14  )
    15  
    16  func DefaultACLs() []*ACL {
    17  	acls := []*ACL{}
    18  	adminACL := &ACL{
    19  		RoleName:    "admin",
    20  		Description: "Administrator",
    21  		Rules: []*AccessRule{
    22  			{
    23  				Path:    "*",
    24  				Methods: []string{"*"},
    25  			},
    26  		},
    27  	}
    28  	acls = append(acls, adminACL)
    29  
    30  	containersACLRO := &ACL{
    31  		RoleName:    "containers:ro",
    32  		Description: "Containers Read Only",
    33  		Rules: []*AccessRule{
    34  			{
    35  				Path:    "/containers",
    36  				Methods: []string{"GET"},
    37  			},
    38  		},
    39  	}
    40  	acls = append(acls, containersACLRO)
    41  
    42  	containersACLRW := &ACL{
    43  		RoleName:    "containers:rw",
    44  		Description: "Containers",
    45  		Rules: []*AccessRule{
    46  			{
    47  				Path:    "/containers",
    48  				Methods: []string{"GET", "POST", "DELETE"},
    49  			},
    50  		},
    51  	}
    52  	acls = append(acls, containersACLRW)
    53  
    54  	eventsACLRO := &ACL{
    55  		RoleName:    "events:ro",
    56  		Description: "Events Read Only",
    57  		Rules: []*AccessRule{
    58  			{
    59  				Path:    "/api/events",
    60  				Methods: []string{"GET"},
    61  			},
    62  		},
    63  	}
    64  	acls = append(acls, eventsACLRO)
    65  
    66  	eventsACLRW := &ACL{
    67  		RoleName:    "events:rw",
    68  		Description: "Events",
    69  		Rules: []*AccessRule{
    70  			{
    71  				Path:    "/api/events",
    72  				Methods: []string{"GET", "POST", "DELETE"},
    73  			},
    74  		},
    75  	}
    76  	acls = append(acls, eventsACLRW)
    77  
    78  	imagesACLRO := &ACL{
    79  		RoleName:    "images:ro",
    80  		Description: "Images Read Only",
    81  		Rules: []*AccessRule{
    82  			{
    83  				Path:    "/images",
    84  				Methods: []string{"GET"},
    85  			},
    86  		},
    87  	}
    88  	acls = append(acls, imagesACLRO)
    89  
    90  	imagesACLRW := &ACL{
    91  		RoleName:    "images:rw",
    92  		Description: "Images",
    93  		Rules: []*AccessRule{
    94  			{
    95  				Path:    "/images",
    96  				Methods: []string{"GET", "POST", "DELETE"},
    97  			},
    98  		},
    99  	}
   100  	acls = append(acls, imagesACLRW)
   101  
   102  	nodesACLRO := &ACL{
   103  		RoleName:    "nodes:ro",
   104  		Description: "Nodes Read Only",
   105  		Rules: []*AccessRule{
   106  			{
   107  				Path:    "/api/nodes",
   108  				Methods: []string{"GET"},
   109  			},
   110  		},
   111  	}
   112  	acls = append(acls, nodesACLRO)
   113  
   114  	nodesACLRW := &ACL{
   115  		RoleName:    "nodes:rw",
   116  		Description: "Nodes",
   117  		Rules: []*AccessRule{
   118  			{
   119  				Path:    "/api/nodes",
   120  				Methods: []string{"GET", "POST", "DELETE"},
   121  			},
   122  		},
   123  	}
   124  	acls = append(acls, nodesACLRW)
   125  
   126  	registriesACLRO := &ACL{
   127  		RoleName:    "registries:ro",
   128  		Description: "Registries Read Only",
   129  		Rules: []*AccessRule{
   130  			{
   131  				Path:    "/api/registry",
   132  				Methods: []string{"GET"},
   133  			},
   134  		},
   135  	}
   136  	acls = append(acls, registriesACLRO)
   137  
   138  	registriesACLRW := &ACL{
   139  		RoleName:    "registries:rw",
   140  		Description: "Registries",
   141  		Rules: []*AccessRule{
   142  			{
   143  				Path:    "/api/registry",
   144  				Methods: []string{"GET", "POST", "DELETE"},
   145  			},
   146  		},
   147  	}
   148  	acls = append(acls, registriesACLRW)
   149  
   150  	return acls
   151  }