-
Notifications
You must be signed in to change notification settings - Fork 105
/
privilegeregistry.go
142 lines (124 loc) · 4.93 KB
/
privilegeregistry.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
//
// SPDX-License-Identifier: BSD-3-Clause
//
package redfish
import (
"encoding/json"
"github.com/stmcginnis/gofish/common"
)
// Mapping shall describe a mapping between a Resource type and the relevant privileges that accesses the Resource.
type Mapping struct {
// Entity shall contain the Resource name, such as 'Manager'.
Entity string
// OperationMap shall list the mapping between HTTP methods and the privilege required for the Resource.
OperationMap OperationMap
// PropertyOverrides shall contain the privilege overrides of properties, such as the 'Password' property in the
// 'ManagerAccount' Resource.
PropertyOverrides []TargetPrivilegeMap
// ResourceURIOverrides shall contain the privilege overrides of Resource URIs. The target lists the Resource URI
// and the new privileges.
ResourceURIOverrides []TargetPrivilegeMap
// SubordinateOverrides shall contain the privilege overrides of the subordinate Resource. The target lists are
// identified by Resource type.
SubordinateOverrides []TargetPrivilegeMap
}
// OperationMap shall describe the specific privileges required to complete a set of HTTP operations.
type OperationMap struct {
// DELETE shall contain the privilege required to complete an HTTP DELETE operation.
DELETE []OperationPrivilege
// GET shall contain the privilege required to complete an HTTP GET operation.
GET []OperationPrivilege
// HEAD shall contain the privilege required to complete an HTTP HEAD operation.
HEAD []OperationPrivilege
// PATCH shall contain the privilege required to complete an HTTP PATCH operation.
PATCH []OperationPrivilege
// POST shall contain the privilege required to complete an HTTP POST operation.
POST []OperationPrivilege
// PUT shall contain the privilege required to complete an HTTP PUT operation.
PUT []OperationPrivilege
}
// OperationPrivilege shall describe the privileges required to complete a specific HTTP operation.
type OperationPrivilege struct {
// Privilege shall contain an array of privileges that are required to complete a specific HTTP operation on a
// Resource. This set of strings match zero or more strings in the PrivilegesUsed and OEMPrivilegesUsed properties.
Privilege []string
}
// PrivilegeRegistry This Resource contains operation-to-privilege mappings.
type PrivilegeRegistry struct {
common.Entity
// ODataType is the odata type.
ODataType string `json:"@odata.type"`
// Description provides a description of this resource.
Description string
// Mappings shall describe the mappings between entities and the relevant privileges that access those entities.
Mappings []Mapping
// OEMPrivilegesUsed shall contain an array of OEM privileges used in this mapping.
OEMPrivilegesUsed json.RawMessage
// Oem shall contain the OEM extensions. All values for properties that this object contains shall conform to the
// Redfish Specification-described requirements.
OEM json.RawMessage `json:"Oem"`
// PrivilegesUsed shall contain an array of Redfish standard privileges used in this mapping.
PrivilegesUsed []PrivilegeType
}
// GetPrivilegeRegistry will get a PrivilegeRegistry instance from the service.
func GetPrivilegeRegistry(c common.Client, uri string) (*PrivilegeRegistry, error) {
resp, err := c.Get(uri)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var privilegeregistry PrivilegeRegistry
err = json.NewDecoder(resp.Body).Decode(&privilegeregistry)
if err != nil {
return nil, err
}
privilegeregistry.SetClient(c)
return &privilegeregistry, nil
}
// ListReferencedPrivilegeRegistrys gets the collection of PrivilegeRegistry from
// a provided reference.
func ListReferencedPrivilegeRegistrys(c common.Client, link string) ([]*PrivilegeRegistry, error) {
var result []*PrivilegeRegistry
if link == "" {
return result, nil
}
type GetResult struct {
Item *PrivilegeRegistry
Link string
Error error
}
ch := make(chan GetResult)
collectionError := common.NewCollectionError()
get := func(link string) {
privilegeregistry, err := GetPrivilegeRegistry(c, link)
ch <- GetResult{Item: privilegeregistry, Link: link, Error: err}
}
go func() {
err := common.CollectList(get, c, link)
if err != nil {
collectionError.Failures[link] = err
}
close(ch)
}()
for r := range ch {
if r.Error != nil {
collectionError.Failures[r.Link] = r.Error
} else {
result = append(result, r.Item)
}
}
if collectionError.Empty() {
return result, nil
}
return result, collectionError
}
// TargetPrivilegeMap shall describe a mapping between one or more targets and the HTTP operations associated with
// them.
type TargetPrivilegeMap struct {
// OperationMap shall contain the mapping between the HTTP operation and the privilege required to complete the
// operation.
OperationMap string
// Targets shall contain the array of URIs, Resource types, or properties. For example, '/redfish/v1/Systems/1',
// 'Manager', or 'Password'. When the Targets property is not present, no override is specified.
Targets []string
}