go.temporal.io/server@v1.23.0/common/authorization/roles.go (about)

     1  // The MIT License
     2  //
     3  // Copyright (c) 2020 Temporal Technologies Inc.  All rights reserved.
     4  //
     5  // Copyright (c) 2020 Uber Technologies, Inc.
     6  //
     7  // Permission is hereby granted, free of charge, to any person obtaining a copy
     8  // of this software and associated documentation files (the "Software"), to deal
     9  // in the Software without restriction, including without limitation the rights
    10  // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    11  // copies of the Software, and to permit persons to whom the Software is
    12  // furnished to do so, subject to the following conditions:
    13  //
    14  // The above copyright notice and this permission notice shall be included in
    15  // all copies or substantial portions of the Software.
    16  //
    17  // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    18  // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    19  // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    20  // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    21  // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    22  // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    23  // THE SOFTWARE.
    24  
    25  package authorization
    26  
// Role is a bitmask of the authorization roles a subject holds within one
// context. Each named role occupies a single bit, so roles are combined with
// bitwise OR and tested with bitwise AND.
type Role int16

// @@@SNIPSTART temporal-common-authorization-role-enum
// User authz within the context of an entity, such as system, namespace or workflow.
// User may have any combination of these authz within each context, except for RoleUndefined, as a bitmask.
//
// The bits are independent of each other: RoleAdmin (8) does not include the
// RoleWriter (4), RoleReader (2) or RoleWorker (1) bits. Whether holding one
// role implies another is decided by the code that evaluates a Role, which is
// not part of this file.
const (
	RoleWorker Role = 1 << iota // 0b0001
	RoleReader                  // 0b0010
	RoleWriter                  // 0b0100
	RoleAdmin                   // 0b1000

	// RoleUndefined is the zero value of Role, with no role bits set. An
	// uninitialized Role field or a missing map entry therefore reads as
	// "no roles granted" rather than as any privilege.
	RoleUndefined Role = 0
)

// @@@SNIPEND
    41  
// IsValid reports whether b sets only bits that belong to the defined roles
// (RoleWorker, RoleReader, RoleWriter, RoleAdmin).
//
// RoleUndefined (zero) also passes, because it has no bits set at all. A true
// result therefore means the value is well-formed; it does not mean the value
// grants any access. Negative values are rejected, since the sign bit of the
// underlying int16 lies outside the known-role mask.
func (b Role) IsValid() bool {
	const knownRoles = RoleWorker | RoleReader | RoleWriter | RoleAdmin

	// AND NOT clears every known bit; anything left over is an unknown bit.
	unknownBits := b &^ knownRoles
	return unknownBits == 0
}
    46  
// @@@SNIPSTART temporal-common-authorization-claims
// Claims contains the identity of the subject and subject's roles at the system level and for individual namespaces
//
// The struct is a plain data carrier: it performs no validation of its own.
// Role values stored here can be checked for unknown bits with Role.IsValid.
// NOTE(review): how System and Namespaces are combined into an allow/deny
// decision is up to the code that consumes Claims, which is not in this file.
type Claims struct {
	// Identity of the subject
	Subject string
	// Role within the context of the whole Temporal cluster or a multi-cluster setup
	System Role
	// Roles within specific namespaces
	// (keys are presumably namespace names; verify against the code that fills this map).
	// Looking up a key that is absent, or reading a nil map, yields the zero
	// Role, which equals RoleUndefined, so an unlisted namespace carries no roles.
	Namespaces map[string]Role
	// Free form bucket for extra data
	// The type is unconstrained, so consumers must type-assert the value and
	// should validate its contents before basing an authorization decision on it.
	Extensions interface{}
}

// @@@SNIPEND