github.com/vmware/govmomi@v0.51.0/object/authorization_manager.go (about) 1 // © Broadcom. All Rights Reserved. 2 // The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. 3 // SPDX-License-Identifier: Apache-2.0 4 5 package object 6 7 import ( 8 "context" 9 10 "github.com/vmware/govmomi/vim25" 11 "github.com/vmware/govmomi/vim25/methods" 12 "github.com/vmware/govmomi/vim25/mo" 13 "github.com/vmware/govmomi/vim25/types" 14 ) 15 16 type AuthorizationManager struct { 17 Common 18 } 19 20 func NewAuthorizationManager(c *vim25.Client) *AuthorizationManager { 21 m := AuthorizationManager{ 22 Common: NewCommon(c, *c.ServiceContent.AuthorizationManager), 23 } 24 25 return &m 26 } 27 28 type AuthorizationRoleList []types.AuthorizationRole 29 30 func (l AuthorizationRoleList) ById(id int32) *types.AuthorizationRole { 31 for _, role := range l { 32 if role.RoleId == id { 33 return &role 34 } 35 } 36 37 return nil 38 } 39 40 func (l AuthorizationRoleList) ByName(name string) *types.AuthorizationRole { 41 for _, role := range l { 42 if role.Name == name { 43 return &role 44 } 45 } 46 47 return nil 48 } 49 50 func (m AuthorizationManager) RoleList(ctx context.Context) (AuthorizationRoleList, error) { 51 var am mo.AuthorizationManager 52 53 err := m.Properties(ctx, m.Reference(), []string{"roleList"}, &am) 54 if err != nil { 55 return nil, err 56 } 57 58 return AuthorizationRoleList(am.RoleList), nil 59 } 60 61 func (m AuthorizationManager) RetrieveEntityPermissions(ctx context.Context, entity types.ManagedObjectReference, inherited bool) ([]types.Permission, error) { 62 req := types.RetrieveEntityPermissions{ 63 This: m.Reference(), 64 Entity: entity, 65 Inherited: inherited, 66 } 67 68 res, err := methods.RetrieveEntityPermissions(ctx, m.Client(), &req) 69 if err != nil { 70 return nil, err 71 } 72 73 return res.Returnval, nil 74 } 75 76 func (m AuthorizationManager) RemoveEntityPermission(ctx context.Context, entity types.ManagedObjectReference, user string, isGroup bool) error { 77 req := types.RemoveEntityPermission{ 78 This: m.Reference(), 79 Entity: entity, 80 User: user, 81 IsGroup: isGroup, 82 } 83 84 _, err := methods.RemoveEntityPermission(ctx, m.Client(), &req) 85 return err 86 } 87 88 func (m AuthorizationManager) SetEntityPermissions(ctx context.Context, entity types.ManagedObjectReference, permission []types.Permission) error { 89 req := types.SetEntityPermissions{ 90 This: m.Reference(), 91 Entity: entity, 92 Permission: permission, 93 } 94 95 _, err := methods.SetEntityPermissions(ctx, m.Client(), &req) 96 return err 97 } 98 99 func (m AuthorizationManager) RetrieveRolePermissions(ctx context.Context, id int32) ([]types.Permission, error) { 100 req := types.RetrieveRolePermissions{ 101 This: m.Reference(), 102 RoleId: id, 103 } 104 105 res, err := methods.RetrieveRolePermissions(ctx, m.Client(), &req) 106 if err != nil { 107 return nil, err 108 } 109 110 return res.Returnval, nil 111 } 112 113 func (m AuthorizationManager) RetrieveAllPermissions(ctx context.Context) ([]types.Permission, error) { 114 req := types.RetrieveAllPermissions{ 115 This: m.Reference(), 116 } 117 118 res, err := methods.RetrieveAllPermissions(ctx, m.Client(), &req) 119 if err != nil { 120 return nil, err 121 } 122 123 return res.Returnval, nil 124 } 125 126 func (m AuthorizationManager) AddRole(ctx context.Context, name string, ids []string) (int32, error) { 127 req := types.AddAuthorizationRole{ 128 This: m.Reference(), 129 Name: name, 130 PrivIds: ids, 131 } 132 133 res, err := methods.AddAuthorizationRole(ctx, m.Client(), &req) 134 if err != nil { 135 return -1, err 136 } 137 138 return res.Returnval, nil 139 } 140 141 func (m AuthorizationManager) RemoveRole(ctx context.Context, id int32, failIfUsed bool) error { 142 req := types.RemoveAuthorizationRole{ 143 This: m.Reference(), 144 RoleId: id, 145 FailIfUsed: failIfUsed, 146 } 147 148 _, err := methods.RemoveAuthorizationRole(ctx, m.Client(), &req) 149 return err 150 } 151 152 func (m AuthorizationManager) UpdateRole(ctx context.Context, id int32, name string, ids []string) error { 153 req := types.UpdateAuthorizationRole{ 154 This: m.Reference(), 155 RoleId: id, 156 NewName: name, 157 PrivIds: ids, 158 } 159 160 _, err := methods.UpdateAuthorizationRole(ctx, m.Client(), &req) 161 return err 162 } 163 164 func (m AuthorizationManager) HasUserPrivilegeOnEntities(ctx context.Context, entities []types.ManagedObjectReference, userName string, privID []string) ([]types.EntityPrivilege, error) { 165 req := types.HasUserPrivilegeOnEntities{ 166 This: m.Reference(), 167 Entities: entities, 168 UserName: userName, 169 PrivId: privID, 170 } 171 172 res, err := methods.HasUserPrivilegeOnEntities(ctx, m.Client(), &req) 173 if err != nil { 174 return nil, err 175 } 176 177 return res.Returnval, nil 178 } 179 180 func (m AuthorizationManager) HasPrivilegeOnEntity(ctx context.Context, entity types.ManagedObjectReference, sessionID string, privID []string) ([]bool, error) { 181 req := types.HasPrivilegeOnEntity{ 182 This: m.Reference(), 183 Entity: entity, 184 SessionId: sessionID, 185 PrivId: privID, 186 } 187 188 res, err := methods.HasPrivilegeOnEntity(ctx, m.Client(), &req) 189 if err != nil { 190 return nil, err 191 } 192 193 return res.Returnval, nil 194 } 195 196 func (m AuthorizationManager) FetchUserPrivilegeOnEntities(ctx context.Context, entities []types.ManagedObjectReference, userName string) ([]types.UserPrivilegeResult, error) { 197 req := types.FetchUserPrivilegeOnEntities{ 198 This: m.Reference(), 199 Entities: entities, 200 UserName: userName, 201 } 202 203 res, err := methods.FetchUserPrivilegeOnEntities(ctx, m.Client(), &req) 204 if err != nil { 205 return nil, err 206 } 207 208 return res.Returnval, nil 209 }