1/* 2Copyright (c) 2015 VMware, Inc. All Rights Reserved. 3 4Licensed under the Apache License, Version 2.0 (the "License"); 5you may not use this file except in compliance with the License. 6You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10Unless required by applicable law or agreed to in writing, software 11distributed under the License is distributed on an "AS IS" BASIS, 12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13See the License for the specific language governing permissions and 14limitations under the License. 15*/ 16 17package object 18 19import ( 20 "context" 21 22 "github.com/vmware/govmomi/vim25" 23 "github.com/vmware/govmomi/vim25/methods" 24 "github.com/vmware/govmomi/vim25/mo" 25 "github.com/vmware/govmomi/vim25/types" 26) 27 28type AuthorizationManager struct { 29 Common 30} 31 32func NewAuthorizationManager(c *vim25.Client) *AuthorizationManager { 33 m := AuthorizationManager{ 34 Common: NewCommon(c, *c.ServiceContent.AuthorizationManager), 35 } 36 37 return &m 38} 39 40type AuthorizationRoleList []types.AuthorizationRole 41 42func (l AuthorizationRoleList) ById(id int32) *types.AuthorizationRole { 43 for _, role := range l { 44 if role.RoleId == id { 45 return &role 46 } 47 } 48 49 return nil 50} 51 52func (l AuthorizationRoleList) ByName(name string) *types.AuthorizationRole { 53 for _, role := range l { 54 if role.Name == name { 55 return &role 56 } 57 } 58 59 return nil 60} 61 62func (m AuthorizationManager) RoleList(ctx context.Context) (AuthorizationRoleList, error) { 63 var am mo.AuthorizationManager 64 65 err := m.Properties(ctx, m.Reference(), []string{"roleList"}, &am) 66 if err != nil { 67 return nil, err 68 } 69 70 return AuthorizationRoleList(am.RoleList), nil 71} 72 73func (m AuthorizationManager) RetrieveEntityPermissions(ctx context.Context, entity types.ManagedObjectReference, inherited bool) ([]types.Permission, error) { 74 req := types.RetrieveEntityPermissions{ 75 This: m.Reference(), 76 Entity: entity, 77 Inherited: inherited, 78 } 79 80 res, err := methods.RetrieveEntityPermissions(ctx, m.Client(), &req) 81 if err != nil { 82 return nil, err 83 } 84 85 return res.Returnval, nil 86} 87 88func (m AuthorizationManager) RemoveEntityPermission(ctx context.Context, entity types.ManagedObjectReference, user string, isGroup bool) error { 89 req := types.RemoveEntityPermission{ 90 This: m.Reference(), 91 Entity: entity, 92 User: user, 93 IsGroup: isGroup, 94 } 95 96 _, err := methods.RemoveEntityPermission(ctx, m.Client(), &req) 97 return err 98} 99 100func (m AuthorizationManager) SetEntityPermissions(ctx context.Context, entity types.ManagedObjectReference, permission []types.Permission) error { 101 req := types.SetEntityPermissions{ 102 This: m.Reference(), 103 Entity: entity, 104 Permission: permission, 105 } 106 107 _, err := methods.SetEntityPermissions(ctx, m.Client(), &req) 108 return err 109} 110 111func (m AuthorizationManager) RetrieveRolePermissions(ctx context.Context, id int32) ([]types.Permission, error) { 112 req := types.RetrieveRolePermissions{ 113 This: m.Reference(), 114 RoleId: id, 115 } 116 117 res, err := methods.RetrieveRolePermissions(ctx, m.Client(), &req) 118 if err != nil { 119 return nil, err 120 } 121 122 return res.Returnval, nil 123} 124 125func (m AuthorizationManager) RetrieveAllPermissions(ctx context.Context) ([]types.Permission, error) { 126 req := types.RetrieveAllPermissions{ 127 This: m.Reference(), 128 } 129 130 res, err := methods.RetrieveAllPermissions(ctx, m.Client(), &req) 131 if err != nil { 132 return nil, err 133 } 134 135 return res.Returnval, nil 136} 137 138func (m AuthorizationManager) AddRole(ctx context.Context, name string, ids []string) (int32, error) { 139 req := types.AddAuthorizationRole{ 140 This: m.Reference(), 141 Name: name, 142 PrivIds: ids, 143 } 144 145 res, err := methods.AddAuthorizationRole(ctx, m.Client(), &req) 146 if err != nil { 147 return -1, err 148 } 149 150 return res.Returnval, nil 151} 152 153func (m AuthorizationManager) RemoveRole(ctx context.Context, id int32, failIfUsed bool) error { 154 req := types.RemoveAuthorizationRole{ 155 This: m.Reference(), 156 RoleId: id, 157 FailIfUsed: failIfUsed, 158 } 159 160 _, err := methods.RemoveAuthorizationRole(ctx, m.Client(), &req) 161 return err 162} 163 164func (m AuthorizationManager) UpdateRole(ctx context.Context, id int32, name string, ids []string) error { 165 req := types.UpdateAuthorizationRole{ 166 This: m.Reference(), 167 RoleId: id, 168 NewName: name, 169 PrivIds: ids, 170 } 171 172 _, err := methods.UpdateAuthorizationRole(ctx, m.Client(), &req) 173 return err 174} 175