mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-06-03 05:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cccfe269cfd4d93bc9f44ece1ba515bde4a9f0cc
scylladb/auth/authorizer.hh
Jesse Haber-Kucharsky b1d9d0e4ff auth: Reorder authorizer args for consistency
2018-02-14 14:15:59 -05:00

139 lines
4.2 KiB
C++
Raw Blame History

/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Copyright (C) 2016 ScyllaDB
*
* Modified by ScyllaDB
*/
/*
* This file is part of Scylla.
*
* Scylla is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Scylla is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Scylla. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <experimental/string_view>
#include <functional>
#include <optional>
#include <tuple>
#include <vector>
#include <seastar/core/future.hh>
#include <seastar/core/shared_ptr.hh>
#include "auth/permission.hh"
#include "auth/resource.hh"
#include "seastarx.hh"
#include "stdx.hh"
namespace auth {
class service;
struct permission_details {
sstring user;
::auth::resource resource;
permission_set permissions;
bool operator<(const permission_details& v) const {
return std::tie(user, resource, permissions) < std::tie(v.user, v.resource, v.permissions);
}
};
///
/// Abstract interface for authorizing users to access resources.
///
class authorizer {
public:
virtual ~authorizer() = default;
virtual future<> start() = 0;
virtual future<> stop() = 0;
///
/// A fully-qualified (class with package) Java-like name for this implementation.
///
virtual const sstring& qualified_java_name() const = 0;
///
/// Query for the permissions granted to a role for a particular \ref resource.
///
/// The resulting permission set includes permissions obtained transitively through roles granted to this role.
///
virtual future<permission_set> authorize(stdx::string_view role_name, const resource&, service&) const = 0;
///
/// Grant a set of permissions to a user for a particular \ref resource.
///
virtual future<> grant(stdx::string_view role_name, permission_set, const resource&) = 0;
///
/// Revoke a set of permissions from a user for a particular \ref resource.
///
virtual future<> revoke(stdx::string_view role_name, permission_set, const resource&) = 0;
///
/// Query for granted permissions.
///
/// Only information for permissions in `matching` is included.
///
/// If `resource` is empty, then query for permissions on all resources.
///
/// If `role_name` is empty, query for permissions of all users. Otherwise, query for permissions specific to that
/// user.
///
virtual future<std::vector<permission_details>>
list(
permission_set matching,
const std::optional<resource>& resource,
const std::optional<stdx::string_view>& role_name,
service&) const = 0;
///
/// Revoke all permissions granted to a particular user.
///
virtual future<> revoke_all(stdx::string_view role_name) = 0;
///
/// Revoke all permissions granted to any user for a particular resource.
///
virtual future<> revoke_all(const resource&) = 0;
///
/// System resources used internally as part of the implementation. These are made inaccessible to users.
///
virtual const resource_set& protected_resources() const = 0;
};
}
Reference in New Issue View Git Blame Copy Permalink