@Beta
public class Entitlements
extends java.lang.Object
| Modifier and Type | Class and Description |
|---|---|
static class |
Entitlements.EntitlementClassesEnum |
static interface |
Entitlements.EntitlementClassesHandler<T> |
static class |
Entitlements.EntityAndItem<T> |
static class |
Entitlements.FineGrainedEntitlements |
static class |
Entitlements.LifecycleEffectors
These lifecycle operations are currently treated as effectors.
|
static class |
Entitlements.StringAndArgument |
| Modifier and Type | Field and Description |
|---|---|
static EntitlementClass<java.lang.Object> |
ADD_CATALOG_ITEM |
static EntitlementClass<java.lang.Object> |
DEPLOY_APPLICATION
the permission to deploy an application, where parameter is some representation of the app to be deployed (spec instance or yaml plan)
|
static java.lang.String |
ENTITLEMENTS_CONFIG_PREFIX |
static ConfigKey<java.lang.String> |
GLOBAL_ENTITLEMENT_MANAGER |
static EntitlementClass<Entitlements.EntityAndItem<Entitlements.StringAndArgument>> |
INVOKE_EFFECTOR |
static EntitlementClass<Entitlements.StringAndArgument> |
MODIFY_CATALOG_ITEM |
static EntitlementClass<Entity> |
MODIFY_ENTITY |
static EntitlementClass<java.lang.Void> |
ROOT
permission to run untrusted code or embedded scripts at the server;
secondary check required for any operation which could potentially grant root-level access
|
static EntitlementClass<java.lang.Void> |
SEE_ALL_SERVER_INFO
catch-all for catalog, locations, scripting, usage, etc - exporting persistence, shutting down, etc;
this is significantly more powerful than
SERVER_STATUS. |
static EntitlementClass<java.lang.String> |
SEE_CATALOG_ITEM |
static EntitlementClass<Entity> |
SEE_ENTITY |
static EntitlementClass<Entitlements.EntityAndItem<java.lang.String>> |
SEE_SENSOR |
static EntitlementClass<java.lang.Void> |
SERVER_STATUS
permission to see general server status info: basically HA status; not nearly as much as
SEE_ALL_SERVER_INFO |
| Constructor and Description |
|---|
Entitlements() |
| Modifier and Type | Method and Description |
|---|---|
static <T> void |
checkEntitled(EntitlementManager checker,
EntitlementClass<T> permission,
T typeArgument)
throws
NotEntitledException if entitlement not available for current getEntitlementContext() |
static void |
clearEntitlementContext() |
static EntitlementContext |
getEntitlementContext()
Finds the currently applicable
EntitlementContext by examining the current thread
then by investigating the current task, its submitter, etc. |
static <T> boolean |
isEntitled(EntitlementManager checker,
EntitlementClass<T> permission,
T typeArgument) |
static EntitlementManager |
load(ManagementContext mgmt,
BrooklynProperties brooklynProperties,
java.lang.String type) |
static EntitlementManager |
minimal()
always DENY access to anything which requires entitlements
|
static EntitlementManager |
newManager(ManagementContext mgmt,
BrooklynProperties brooklynProperties) |
static EntitlementManager |
readOnly()
allow read-only
|
static <T> void |
requireEntitled(EntitlementManager checker,
EntitlementClass<T> permission,
T typeArgument)
Deprecated.
since 0.7.0, use
checkEntitled(EntitlementManager, EntitlementClass, Object);
kept briefly because there is some downstream usage |
static EntitlementManager |
root()
always ALLOW access to everything
|
static EntitlementManager |
serverStatusOnly()
allow healthcheck
|
static void |
setEntitlementContext(EntitlementContext context) |
public static EntitlementClass<java.lang.String> SEE_CATALOG_ITEM
public static EntitlementClass<java.lang.Object> ADD_CATALOG_ITEM
public static EntitlementClass<Entitlements.StringAndArgument> MODIFY_CATALOG_ITEM
public static EntitlementClass<Entity> SEE_ENTITY
public static EntitlementClass<Entitlements.EntityAndItem<java.lang.String>> SEE_SENSOR
public static EntitlementClass<Entitlements.EntityAndItem<Entitlements.StringAndArgument>> INVOKE_EFFECTOR
public static EntitlementClass<Entity> MODIFY_ENTITY
public static EntitlementClass<java.lang.Object> DEPLOY_APPLICATION
public static EntitlementClass<java.lang.Void> SEE_ALL_SERVER_INFO
SERVER_STATUS.
NB: this may be refactored and deprecated in futurepublic static EntitlementClass<java.lang.Void> SERVER_STATUS
SEE_ALL_SERVER_INFOpublic static EntitlementClass<java.lang.Void> ROOT
public static final java.lang.String ENTITLEMENTS_CONFIG_PREFIX
public static ConfigKey<java.lang.String> GLOBAL_ENTITLEMENT_MANAGER
public static EntitlementManager root()
public static EntitlementManager minimal()
public static EntitlementManager readOnly()
public static EntitlementManager serverStatusOnly()
public static EntitlementContext getEntitlementContext()
EntitlementContext by examining the current thread
then by investigating the current task, its submitter, etc.public static void setEntitlementContext(EntitlementContext context)
public static void clearEntitlementContext()
public static <T> boolean isEntitled(EntitlementManager checker, EntitlementClass<T> permission, T typeArgument)
public static <T> void checkEntitled(EntitlementManager checker, EntitlementClass<T> permission, T typeArgument)
NotEntitledException if entitlement not available for current getEntitlementContext()public static <T> void requireEntitled(EntitlementManager checker, EntitlementClass<T> permission, T typeArgument)
checkEntitled(EntitlementManager, EntitlementClass, Object);
kept briefly because there is some downstream usageNotEntitledException if entitlement not available for current getEntitlementContext()public static EntitlementManager newManager(ManagementContext mgmt, BrooklynProperties brooklynProperties)
public static EntitlementManager load(@Nullable ManagementContext mgmt, BrooklynProperties brooklynProperties, java.lang.String type)